Security Control Assessor with Security Clearance

---

Job description

Security Control Assessor
McLean, VA
Salary up to $150,000 (commensurate with experience) Requirements: Education: • Bachelor's degree in Computer Engineering, Computer Science, Electrical Engineering, Information Systems, Information Technology, Cybersecurity, or a closely related discipline. • Four years of additional work experience in Security Control Assessor (SCA) and Defensive Cyber Operations (DCO) Testing may substitute for a bachelor's degree. • A Master's degree in an applicable discipline can substitute for three years of demonstrated work experience. Experience: • Minimum of three years in cybersecurity, with at least one year conducting SCAs under frameworks like ICD 503/CNSSI 1253, NIST Cybersecurity Framework, or Risk Management Framework (RMF). • At least one full year of recent SCA experience within the last three calendar years. • One full year of experience in supporting and performing security assessments in cloud environments (AWS, Google, IBM, Azure, and Oracle). Certifications: • Must meet Department of Defense (DOD) 8570.01-M baseline certification requirements for Information Assurance Technical (IAT) Level III: CASP+CE, CCNP Security, CISA, CISSP or Associate, GCED, GCIH, or CCSP. Skills and Knowledge: • Knowledge of Independent Verification & Validation (IV&V) of security controls. • Understanding of general attack strategies (e.g., MITRE ATT&CK Framework). • Familiarity with NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other relevant ICDs. • Skill in conducting vulnerability scans and identifying vulnerabilities in security systems, especially in cloud environments. • Expertise in risk-based assessments within Operational Technology (OT) systems, including threat identification, regulatory compliance, and impact analysis on critical operations. • Deep understanding of OT systems, architectures, components, and security assessment tools/resources like MITRE ATT&CK for Industrial Control Systems and the National Vulnerability Database (NVD). • Ability to recommend improvements to cyber threat protection tactics, techniques, and procedures (TTPs) to the IC CISO or designee. • Knowledge of system and application security threats and vulnerabilities. • Familiarity with network access, identity, and access management (e.g., public key infrastructure PKI ). • Understanding of network protocols (e.g., TCP/IP, DNS, DHCP, and directory services). • Ability to assess the robustness of security systems and designs. • Understanding of cybersecurity principles and organizational requirements (confidentiality, integrity, availability, authentication, non-repudiation). • Strong writing skills for documenting and defending findings, mitigation strategies, and reporting vulnerabilities identified during security assessments. • Experience in writing penetration testing Rules of Engagement (ROE), Test Plans, and Standard Operating Procedures (SOP). • Experience in conducting security reviews, technical research, and reporting to enhance security defense mechanisms. • Travel: Domestic and International Travel: 0-25% Benefits: • 20 Days of PTO • 10 Federal Holidays • Dental, Vision, and Medical Insurance • Tuition Assistance • 401K Match • Health Savings Account

<!– job description page –>