Security Control Assessor Representative III (Senior)

The Security Control Assessor Representative III will perform comprehensive IT security control assessments on AFCENT systems and software applications. Assessments require physical travel to various contractor and Government sites inside and outside the continental United States (CONUS and OCONUS). Assessments determine the condition of the management, operational, and technical security controls employed within or inherited by an information system or software to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system).

Responsibilities include:

  • Perform initial and continual security control assessment and validation for networks, systems, and software applications
  • Meet the minimum qualification requirements for Information Assurance Technician (IAT) Level II as identified by DODI 8140.01 and DoD 8570.01-M
  • Adhere to DOD and USAF laws, standards, policies and procedures
  • Utilize DOD approved tools such as, but not limited to – Assured Compliance Assessment Solution (ACAS), Nessus, Host Based Security Systems (HBSS), Continuous Monitoring Risk Scoring (CMRS), Online Compliance Reporting System (OCRS), and SolarWinds – to generate initial and continuous monitoring reports
  • Complete reports to support risk decisions from the AO, both as required and as requested
  • Provide an assessment on the severity of weaknesses or deficiencies discovered in the information system or software application and its environment of operation and recommend corrective actions to address identified vulnerabilities
  • Review the System Security Plan (SSP) prior to initiating the security control assessment, and ensure the plan provides a set of security controls for the information system or software application that meets the stated security requirements
  • Advise the Information System Owner (ISO) concerning the impact values for confidentiality, integrity, and availability for the information on a system or software application
  • Evaluate threats and vulnerabilities to information systems or software applications to ascertain the need for additional safeguards
  • Assist in creating, reviewing, and approving the information system or software application security assessment plan, which is comprised of the SSP, the Security Controls Traceability Matrix (SCTM), and the Security Control Assessment Procedure
  • Ensure security control assessments are completed for each information system or software application, and ensure that controls are working as intended and protect the confidentiality, integrity and availability of IT resources at the appropriate levels
  • Assist with preparing the final Security Assessment Report (SAR) containing the results and findings from the assessment at the conclusion of each security control assessment activity
  • Ensure a Plan of Action and Milestones (POA&M) is initiated by the Information System Security Officer (ISSO) for the information system based on findings and recommendations from the SAR
  • Evaluate security control assessment documentation and provide written recommendations for security authorization to the AO
  • Provide expertise to execute vulnerability assessments on Platform IT systems
  • Assist with assembling and submitting the security authorization artifacts to the AO (consisting of, at a minimum, the SSP, the SAR, the POA&M, and a Risk Assessment Report (RAR))
  • Assess the proposed changes to information systems or software applications, their environment of operation, and mission needs to determine if they are security-relevant and could therefore affect system authorization
  • Utilize the RMF methodology to successfully implement an information technology process which shall effectively protect the element’s information assets and its ability to perform its mission
  • Provide guidance to other assessors on the policies and procedures of the job; provide detailed assessment findings using Government-specified processes and procedures
  • Provide solutions and recommendations to remedy security vulnerabilities and threats, to ultimately improve the protection of IT resources and to execute the Customer’s mission
  • Utilize assessment results to identify trends and to improve IA training, policies, and processes
  • Develop reports and trend analyses to support risk assessment decisions
  • Perform DoD/NIST RMF Operations Support
  • Review, edit, comment, and analyze documents, and recommend corrections/changes
  • Prepare briefs and present oral presentations to update the Government on the status of actions
  • Provide CONUS and OCONUS TDY travel support

Candidate Requirements: Experience may be used in lieu of higher education. Candidates without an advanced degree must have 7+ years’ relevant IT experience. Candidates with a BS in a related field must have 5+ years’ relevant IT experience. Candidates with an MA/MS in a related field must have 3+ years’ relevant experience.

COMPANY INFORMATION:
Bravura is a rapidly growing Woman Owned Small Business (WOSB) that provides professional and engineering services, technology solutions and product offerings to DoD and Federal Civilian agencies. Bravura is an Equal Opportunity Employer. Bravura does not discriminate against employees or applicants for employment on any legally recognized basis (protected class) including, but not limited to: veteran status, uniform service member status, race, color, religion, sex, national origin, age, physical or mental disability, genetic information or any other protected class under federal, state, or local law. These positions require U.S. citizenship.

Job Category: Cybersecurity
Job Type: Full Time
Job Location: Shaw AFB - SC
Clearance Level: Secret
Education-Certifications: IAM Level III OR IAT Level III; MA/MS in related field w/ 3+ years' experience OR BS in related field with 5+ years' experience
Years of Experience: 7+ years' experience with no advanced degree

Your Passport must be valid for two years.