Security Control Assessor (SCA) (TS/SCI)

Join a fast growing agile small company that delivers cutting edge cybersecurity and system integration services to the US National Security market. We are seeking a motivated self-starter with experience in secure information systems to join a team of security professionals and help defend national security systems.

Tau Six, an agile small company delivering cutting edge cybersecurity and systems integration services to the US National Security market, has an immediate need for a Cybersecurity Security Control Assessor (SCA) for a Department of Defense customer. This high-profile contract will assist the DoD with the oversight and management of information technology projects in support of critical Defense priorities. The ideal candidate will bring excellent cybersecurity and information assurance knowledge to the program coupled with strong communication skills.

Your excellent technical skills will assist in identifying risk to systems across a broad spectrum of technologies and processes. Your responsibilities will also include elements of physical and environmental protection, incident handling, and security training and awareness. In close coordination with the rest of the security team, you will play an active role in identifying risk and defending the enterprise. Candidates must possess thorough understanding of Windows & Linux operating systems, cloud technology, contemporary networking, and cybersecurity tools, techniques, and tactics.

Clearance Required: U.S. Government Top Secret / SCI

Responsibilities:

The Security Control Assessor (SCA) will conduct and document a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system. Determine the overall control effectiveness through documentation review, inspections, testing and interviews. Provide an assessment of the severity of weakness or deficiencies and recommend corrective actions to address identified vulnerabilities. Provide initial mitigation of Cybersecurity incidents, support incident investigations, and closure of the incident. Provide assessment of proposed technology (hardware, software, and firmware) for Cybersecurity vulnerabilities.

General activities:

• Improves operations by conducting functional and systems analyses and recommending changes in policies and procedures.

• Scrutinizes builds of secure infrastructure to ensure best practices are followed in using the latest networking, virtualization, automation, and configuration management tools.

• Works with the customer to identify and implement security requirements, security best practices, and security controls.
• Partners with the customer to develop and implement strategic security initiatives
• Assist in security investigations and responses as necessary
• Provide cyber security technical expertise and analysis for new technologies and configurations.

Specific assessment of security controls and organizational requirements shall include:

• Assessment Package Feedback which focuses on the documentation submitted to support the various steps of Risk Management Framework (RMF).
• Security Assessment Report which focuses on the assessment of an information system in support of the authorization determination. Shall provide a draft report
• Periodic Cybersecurity Assessment Report or Security Compliance Report which focuses on the assessment of a Cybersecurity program at a location.
• Cybersecurity Incident Reports which focus on documenting Cybersecurity incidents.
• Technical Assessment of Hardware, Software, or Firmware. Shall document the technical assessment addressing Cybersecurity vulnerabilities
• Shall develop an annual compilation of findings and observations based upon the Security Assessment Reports and Periodic Cybersecurity Assessment Reports or Security Compliance Reports based upon fiscal year assessments.

Position Qualifications:

• Shall have 4 or more years of experience in the validation of security configuration of operating systems.
• Shall have 2 or more years of experience applying Risk Management Framework (RMF) as described in the National Institute of Standards and Technology Special Publications.
• Candidates must have extensive experience with risk assessment technologies including analyses of the adequacy of implemented security features across a broad range of technologies.

• Must have extensive experience conducting security testing and providing accreditation recommendations to decision authorities.
• A background and experience with NIST SP800-53, CNSSI 1253, DCID 6/3, JSIG, and/or ICD 503. Knowledge of current authorization practices, particularly within the DoD and IC is a must.
• Must have extensive direct experience with the policies, processes, and methodologies in the application of the Risk Management Framework.
• Must have demonstrated knowledge of host and network access control and auditing technologies and methods.
• Must have an understanding of incident response, configuration management, and defense in depth best practices.

Desired Qualifications:

• Strongly desired experience with application of the Defense Information Systems Agency (DISA) Security Technical Implementation Guides.
• Operating System/Computing Environment certificate for Windows Server 2012 or newer UNIX (Linux (Red Hat), Solaris).
• Experience with vulnerability scanners.
• Experience with assessing security relevant applications.
• Experience as a System Administrator, Information System Security Manager, or Information System Security Officer.
• Experience applying the requirements of the DoD Joint Special Access Program Implementation Guide (JSIG) to information systems or Cybersecurity programs.
• Experience with Cross Domain Solutions (CDS)

Education Desired:

• Bachelor's Degree/Master's Degree in a technology-related discipline