Dependable Global Solutions Security Control Assessor III in Washington, District Of Columbia
Are you looking for an exciting opportunity? It's time to consider DGS! Join a company that is distinguished by excellence. We offer a challenging and rewarding environment with talented professionals, great benefits, work-life balance integration, and a commitment to helping you grow and learn as well as opportunities.
The Security Control Assessor (SCA) is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). The Security Control Assessor shall provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation, and recommend corrective actions to address identified vulnerabilities. The SCA shall conduct analysis of information system security controls, information systems and applications for weaknesses, and document recommendations addressing security measures to protect information against loss of confidentiality, integrity and/or availability.
Responsibilities and Duties
Perform assessment of information systems, based upon the Risk Management Framework (RMF).
Evaluate Authorization packages and make authorization recommendations.
Evaluate IS threats and vulnerabilities to determine whether additional safeguards are required.
Advise the Information System Security Officer (ISSO) concerning the impact levels for confidentiality, integrity, and availability for information on a system.
Review and approve the IS Security Control Assessment Procedures, the Security Assessment Plan (SAP), the System Security Plan (SSP), and the Security Control Traceability Matrix (SCTM).
Perform configuration management of a client central repository for authorization documentation (i.e., Body of Evidence (BOE)), which is maintained using an Assessment and Authorization (A&A) workflow software application.
Review and compile the BOE (i.e., security control allocations, security control implementations, test results, Security Assessment Reports (SARs), Plan of Action and Milestones (POA&M), risk acceptance recommendations, and risk mitigation strategies) to support the recommendation for client risk acceptance authorization decisions.
Perform vulnerability and compliance scans using approved enterprise scan solutions such as Nessus and SCAP to validate status.
Active Top-Secret Clearance with SCI Eligibility
DHS Suitability preferred
Required Skills and Education:
Bachelor's degree in Information Security or relevant field
Possess 8+ years of experience conducting security control assessment of all NIST 800-53 controls.
Possess 3+ years' DevOps experience.
Possess 3+ years' experience assessing commercial cloud environments such as Amazon Web Services (AWS) and Microsoft Azure.
Technical understanding (understand network diagrams, vulnerability and compliance scans).
Experience creating and maintaining various security documents such as the Security Control Plan/Vulnerability Security Review (SCP/VSR), System Backup and Recovery Plans (SBRP) and Plan of Action and Milestone (POA&M) tables.
Familiarity with a variety of IT technologies, architecture, concepts, best practices, and procedures.
Strong attention to detail, ability to interface with all levels of personnel (system administrators, ISSM, Authorizing Officials, etc.).
Experience creating and maintaining various security documents such as the Security Assessment Plan.
Thorough knowledge of NIST 800-53 security controls and required documentation.
Experience with Nessus, Rapid7 Nexpose, SCAP, NMAP, etc.
Excellent communication skills (written and oral).
Degree in Computer Science or related discipline from an accredited college or university required or the equivalent (7 years') combination of education, professional training or work experience.
At least one of the following certifications: Security+, CAP, CASP, GSLC, CISM, CISSP
At DGS, we understand that our employees are our most valuable resource. That's why we offer competitive compensation packages and a supportive environment with good work-life balance. In addition, we provide opportunities for growth and development so that our employees can continually develop their competencies, skills, and talents, and pursue advancement opportunities.
When you join the DGS Team you receive - Medical Insurance, Dental Insurance, Vision Insurance, Life Insurance, Short Term & Long-Term Disability, Flexible Spending Account, 401k Retirement Savings Plan with Company Match, Employee Assistance Program, Tuition and Professional Development Assistance, 529 College Savings Plan.
Dependable Global Solutions (DGS), a Security and Intelligence Firm, was founded in September 2004 as a privately held small business. DGS' principal belief is that security is not a singular endeavor. Our clients require the ability to recognize, plan for, and mitigate risk in all of its various forms.
DGS specializes in IT security, mission assurance, and intelligence operations and analysis. We build, manage, and enhance our client's ability to identify and deal with threats and attacks in near real-time.