Job Description Summary
Maximus is searching for a Security Control Assessor (SCA) to join a DoD program in Arlington, VA. The Security Control Assessor is responsible for conducting a comprehensive assessment of the management, operational, and technical Security Controls employed within or inherited by a SAP information system to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system).

Responsibilities include, but are not limited to:
• Collaborate with key stakeholders to ensure security engineering initiatives are aligned with the operational needs within the SAP IT.
• Develop specifications to ensure risk, compliance, and assurance efforts conform with confidentiality, integrity, and availability requirements at the software application, system, and network environment level.
• Draft statements of preliminary or residual security risks for system operation.
• Maintain information systems assessment and authorization (A&A) documents.
• Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.
• Review Security Impact Analysis (SIA) and identify gaps in security architecture.
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
• Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Experience in one or more cloud computing services and technologies including but not limited to: AWS/C2S,
• Provide oversight to the SAP Community on the latest vulnerabilities and identify remediation efforts.
• Develop and implement new security mechanisms for the SAP Ecosystem.
• Identify and select best-in-class threat prevention tools and software for the SAP Ecosystem.
• Execute special projects as required.
• Able to travel 20-30% of the time to local and CONUS sites.

Required Skills & Qualifications:
• Must possess an Active TS/SCI clearance.
• Bachelor's degree or higher (Experience may be substituted).
• Minimum seven (7) years of demonstrable DoD or SAP security experience (or 15 years of experience without degree).
• 7 or more years of experience implementing Risk Management Framework (RMF).
• Understanding of DISA STIGs and Benchmarks.
• Understanding of tools, e.g., SCAP, ACAS, Vulnerator, HBSS, eMASS.
• Must have analytical skills to evaluate risk, gather data, conduct security audits, and assess information to make critical decisions affecting network security.
• Interact with technical leads, developers, and system owners to ensure that all technical requirements are aligned with SAP guidance.
• Excellent written and verbal communication skills.
• Knowledge of coding languages, intrusion detection, operating systems, security planning and auditing, ethical hacking and other security, programming, and diagnostic tools.

Certification Requirements:
• DoD 8140 Level 2 (or higher) certification is required and may equate to two (2) years of experience (CISSP, CCNA, CySA+, GISCP, Sec+CE, CND, SSCP, etc.).
• Cloud certification is a plus.

#techjobs #clearance #SAPCIO
Job Summary
Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS040, T4, Band 7