Please scroll down, To apply

Security Control Assessor-intermediate (nga) with Security Clearance

hiring now

Quantum Research International, Inc.

2024-11-08 14:40:27

Job location Saint Louis, Missouri, United States

Job type: fulltime

Job industry: I.T. & Communications

Job description

Job Description Overview: Quantum Research International, Inc. (Quantum) provides our national defense and federal civilian and industry customers with services and products in the following main areas: 1) Cybersecurity and Information Operations; 2) Space Operations and Control; 3) Aviation Systems; 4) Ground, Air and Missile Defense, and Fires Support Systems; 5) Intelligence Programs Support; 6) Experimentation and Test; 7) Program Management; and (8) Audio/Visual Technology Applications. Quantum's Corporate Office is located in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen, MD; Colorado Springs, CO; Shalimar, FL; and Tupelo, MS. Mission: The SECURITY CONTROL ASSESSOR (Intermediate) conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST 800-37). Responsibilities: Manage and approve Accreditation Packages (e.g., ISO/IEC 15026-2). Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks. Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network. Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations. Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers). Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy. Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). Verify and update security documentation reflecting the application/system security design features. Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary. Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. Assess the effectiveness of security controls. Assess all the configuration management (change configuration/release management) processes. Requirements: Bachelor's degree. In lieu of degree, Security+, CGRC/CAP, CASP+, Cloud+, PenTest+, or GSEC may be accepted. Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. Ability to identify systemic security issues based on the analysis of vulnerability and configuration data. Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. Knowledge of cyber threats and vulnerabilities Ability to prepare and present briefings and technical documentation. Ability to collect, verify, and validate test data. Knowledge of cyber defense and vulnerability assessment tools and their capabilities. Ability to ensure security practices are followed throughout the acquisition process. Ability to apply collaborative skills and strategies. Ability to apply critical reading/thinking skills. Ability to effectively collaborate via virtual teams. Ability to evaluate information for reliability, validity, and relevance. TS/SCI eligible, subject to CI Polygraph. IAT or IAM Level 2 Desired/Preferred Skills: Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. Skill in network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tool
Equal Opportunity Employer/Affirmative Action Employer M/F/D/V: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Inform a friend!

<!– job description page –>
Top