Security Control Assessor with Security Clearance

---

Job description

Security Control Assessor
Bethesda, MD
Up to $155,000 Required Qualifications: Security Clearance: Active Top Secret SCI with Polygraph (CI or FS) Education: Bachelor's degree in Computer Engineering, Computer Science, Electrical Engineering, Information Systems, Information Technology, Cybersecurity, or a closely related field. Alternative Education/Experience: Four additional years of demonstrated experience in Security Control Assessor (SCA) and Defensive Cyber Operations (DCO) Testing may substitute for a bachelor's degree. A Master's degree in a relevant discipline may substitute for three years of work experience. Experience: Minimum of three years in cybersecurity, with at least one year conducting SCAs under frameworks such as ICD 503/CNSSI 1253, NIST Cybersecurity Framework, or Risk Management Framework (RMF). One year of SCA experience within the last three years. One year of experience supporting and performing security assessments in cloud environments (AWS, Google Cloud, IBM, Azure, Oracle). Certifications: Must meet the Department of Defense (DOD) 8570.01-M baseline certification requirements for Information Assurance Technical (IAT) Level III, such as CASP+CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, or CCSP. Technical Knowledge: Proficient in Independent Verification & Validation (IV&V) of security controls. Familiar with attack strategies, including the MITRE ATT&CK Framework. In-depth knowledge of NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other relevant ICDs. Skilled in conducting vulnerability scans and identifying vulnerabilities in security systems, especially in cloud environments (AWS, Google, IBM, Azure, Oracle). Understanding of system and application security threats and vulnerabilities. Knowledgeable in network protocols (TCP/IP, Dynamic Host Configuration, DNS, Directory Services) and identity/access management, including PKI. Ability to assess the strength and robustness of security systems and designs. Responsibilities: Provide recommendations to the IC CISO or their designee for enhancing Tactics, Techniques, and Procedures (TTPs) for improved cyber threat protection. Conduct and report on security assessments, identifying vulnerabilities and proposing mitigation strategies. Write comprehensive reports, defending all findings related to risks, vulnerabilities, and recommended mitigation measures. Develop and document penetration testing Rules of Engagement (ROE), Test Plans, and Standard Operating Procedures (SOP). , Perform security reviews and technical research to enhance security defense mechanisms. Occasional domestic and international travel (up to 25%). Other Skills: Strong writing and communication skills. Experience in writing detailed reports on security assessments and vulnerabilities. Benefits: 20 Days PTO 11 Federal Holidays 401K Match Medical, Dental, and Vision Insurance Health Savings Account

<!– job description page –>