Please scroll down, To apply

SCA-R NSS

hiring now

Gray Tier Technologies

2024-11-06 09:43:32

Job location Springfield, Virginia, United States

Job type: fulltime

Job industry: I.T. & Communications

Job description

Gray Tier Technologies is seeking a Security Control Assessor

Primary Responsibilities:

  • Execute in-depth security control assessments (SCAs) for National Security Systems (NSS) in compliance with NIST RMF and CNSS policy, ensuring the highest level of system security.
  • Develop and maintain formal documentation, including NSS-specific SOPs and Concept of Operations (CONOPs), to streamline and enhance the authorization process.
  • Analyze cyber risk indicators stemming from system threats and vulnerabilities and provide detailed cybersecurity risk recommendations in support of NSS continuous monitoring activities.
  • Research, develop, and implement policies to improve the effectiveness and efficiency of the security authorization process while minimizing operational impacts on critical NSS systems.
  • Conduct vulnerability scans, create Body of Evidence (BoE) artifacts, and produce Security Assessment Reports (SARs) to document risk levels and recommended mitigations.
  • Provide in-depth analysis of cyber threat actor behavior and create detailed white papers to inform DHS NSS of potential risks and threat trends.
  • Actively participate in security meetings, including engineering review boards and cybersecurity supply chain risk management (C-SCRM) sessions, to inform and support NSS initiatives.
  • Develop automated assessment tools and dashboards to support continuous monitoring and ongoing authorization processes, leveraging tools like Splunk, Tenable, and Axonius.

Basic Qualifications:

  • Bachelor's Degree in Information Technology, Cybersecurity, or a related technical field (or equivalent experience) AND 4+ years experience OR AS/AA with 6+ years experience OR HS/GED with 8+ years experience
  • Expertise in NIST RMF and CNSS policy frameworks, with the ability to apply them to secure National Security Systems.
  • Strong background in cybersecurity risk analysis and reporting, with experience in creating detailed BoE artifacts.
  • Proficiency in using cybersecurity tools for vulnerability scanning and continuous monitoring.
  • Local to D.C. or Virginia with ability to work on-site for classified work.

Preferred Qualifications:

  • Expertise in conducting SCAs and cybersecurity assessments for NSS in accordance with NIST RMF and CNSS guidelines.
  • Extensive knowledge of risk management and mitigation techniques tailored to high-security environments, such as those encountered in NSS.
  • Experience developing and maintaining cybersecurity SOPs and CONOPs, with a focus on streamlining the risk assessment and authorization process.
  • Proficiency in using vulnerability assessment tools such as Nessus, Splunk, and AppDetective, along with MGMT compliance tools like CSAM-S.
  • Strong analytical skills to assess cyber threats, identify trends, and create actionable risk mitigation strategies through continuous monitoring.
  • Adept at creating Body of Evidence (BoE) artifacts, security reports, and other documentation required for high-risk systems.
  • Demonstrated ability to lead cross-functional teams in high-security environments and collaborate with government leads and stakeholders.
  • Certifications such as CISSP, CEH, GPEN, or CNSS-related credentials.
  • In-depth knowledge of supply chain risk management and its impact on national security.
  • Experience with federal cybersecurity policies, including DHS 4300B.
  • Hands-on experience developing cybersecurity risk assessments and strategies in classified environments.
  • Familiarity with emerging cybersecurity threats and trends impacting NSS systems

CLEARANCE REQUIRED:
• Must be able to obtain and maintain an DHS Entry on Duty (EOD) clearance and hold an active Top Secret clearance with SCI eligibility.

Inform a friend!

<!– job description page –>
Top