SCA Level IV/SME

Overview

Arcfield was purpose-built to protect the nation and its allies through innovations in digital transformation, space mission engineering and launch assurance, miniaturized sensors and satellites, advanced modeling and simulation, cybersecurity, and conventional and hypersonic missile support. Headquartered in Chantilly, VA with 16 global offices, Arcfield employs more than 1,500 engineers, analysts, IT specialists, and other professionals with more than 60 years of collective proven experience supporting missions in cyber and space defense, space exploration, hypersonic and nuclear deterrence and warfighter readiness. Visit arcfield.com for more details.

Responsibilities

Arcfield's Cyber programs are expanding and are currently in need of Level IV/ Security Control Assessor (SCA) Subject Matter Experts to support Risk Management Framework (RMF) workflows, performing comprehensive INFOSEC assessment of management, operational, and technical security controls to determine overall effectiveness of the controls for A&A determination throughout our customer’s program system lifecycle. SCAs provide an assessment of the severity of weakness or deficiencies discovered in the IS and its environment of operation and recommend corrective actions to address identified vulnerabilities. In this role you will be considered a recognized expert within the company, who designs, researches and develops highly advanced applications, which may result in new product/business opportunities for the company. Note: An offer for this position is contingent upon contract award.

Responsibilities include, but are not limited to:

• Review and assess information systems (IS) for compliance with IC, DoD, and ND guidelines
• Provide security advice and guidance to government and industry partners
• Advise Information System Owners (ISO) on confidentiality, integrity, and availability impact values
• Offer technical guidance for Authorization and Accreditation (A&A) responses
• Evaluate IS threats and vulnerabilities, recommending additional safeguards as needed
• Support development and implementation of customer’s IT-IA-IM policies
• Contribute to future Customer IS security policy development
• Conduct site visits and assessments, prepare written reports for government approval
• Ensure completion of security control assessments for each IS
• Support RMF process-related presentations, briefings, and reports
• Utilize customer’s RMF system of record for workflow duties and documentation
• Track and report on RMF process workflow activities and metrics
• Prepare Security Assessment Reports (SARs) and Authorization Recommendations
• Collaborate on Plans of Action and Milestones (POAMs) based on assessment findings
• Review and approve IS Security Assessment Plans
• Address security issues as requested by the government
• Support A&A for special programs and tactical operations
• Conduct reviews and write reports for ISAP or TISSRs
• Verify proper implementation and documentation of security controls in System Security Plans (SSPs)
• Assess severity of identified weaknesses and recommend corrective actions
• Act as IS liaison between Directorates and Offices
• Work on unusually complex technical problems and provides innovative solutions
• Determines and pursues courses of action necessary to obtain desired results

Qualifications

Required:

• Must possess and be able to maintain a TS/SCI clearance with polygraph
• BS 12-15, MS 10-13, PhD 10+
• A STEM degree
• SCA experience
• Certifications:
  • CAP
  • CASP
  • CISM
  • CISSP (or Associate)
  • GSCL
  • CGRC/CAP
  • Cloud+
  • CYSA+
  • GSEC
  • PenTest+
• Relevant experience in technical project management
• Advanced IS security skills and knowledge
• Familiarity with IA concepts
• Ability to review and recommend vulnerability and risk levels associated with SW and HW products
• Practical experience developing and implementing security related directives
• Practical experience performing IS' A&A as defined in applicable ICDs and guidance
• Practical experience utilizing risk management strategies for IT solutions
• Understanding of emerging technologies and their implementation w/in government systems and network environments
• Knowledge of IT concepts used in evaluation of security performance and integrity of state-of-the-art applications, communications systems, HW, SW, satellite controls systems, and information processing systems
• Practical experience assessing security of cloud-based systems including IaaS, PaaS, and/or SaaS deployment
• Ability to effectively coordinate A&A activities of industry and government IS' to meet acquisition milestone requirements
• Experience working with a mixed skill level team to ensure that appropriate knowledge and skill transfer occurs
• Ability to simultaneously manage and track multiple large-scale systems or programs involved in A&A process
• Experience developing and implementing security related directives and guidance for IT-IA-AM
• In-depth understanding of IT systems, SW, & networks
• Effective technical report and general correspondence writing ability

Desired:

• Education relevant to computer engineering, INFOSEC, cyber security, information management, and/or computer science
• Experience providing technical and programmatic Information Assurance Services to internal and external customers in support of network and information security systems
• Able to prepare and provide documentation using accepted guidelines such as DITSCAP
• Experience providing certification and accreditation support in the development of security and contingency plans and conducting complex risk and vulnerability assessments
• Designs, develops and implements security requirements within an organization's business processes
• Prepares Security Test and Evaluation plans
• Analyzes policies and procedures against Federal laws and regulations and provides recommendations for closing gaps
• Develops and completes system security plans and contingency plans
• Recommends system enhancements to improve security deficiencies
• Develops, tests and integrates computer and network security tools
• Secures system configurations and installs security tools, scans systems to determine compliance and report results
• Evaluates products and various aspects of system administration
• Conducts security program audits and develops solutions to lessen identified risks
• Develops strategies to comply with privacy, risk management, and e-authentication requirements
• Provides information assurance support for the development and implementation of security architectures to meet new and evolving security requirements
• Evaluates, develops and enhances security requirements, policy and tools
• Provides assistance in computer incident investigations
• Performs vulnerability assessments including development of risk mitigation strategies

EEO Statement

We are an equal opportunity employer and federal government contractor. We do not discriminate against any employee or applicant for employment as protected by law.