Security Control Assessor Team Lead
IC-CAP LLC is a Woman Owned / HUBZone Small Business working in the Department of Defense and Intelligence Community. We are always looking for highly talented, energetic, and dynamic professionals that are interested in protecting the defense of our nation.
Some of the positions are future positions. Please look at the opening line of the job description to determine if this is an open or future position.
We are looking to fill this position at the following location(s):
- Arlington, VA
This is a future position that may come open but is not open at the present moment. We are willing to prescreen personnel for these positions if you are interested.
Security Control Assessor Team Lead:
Specialized experience with flag-officer level briefings and senior-level interface.
Demonstrated knowledge of aircraft programs and systems.
5 years team leadership or management experience.
Provide Program Protection Cybersecurity Services:
The Candidate shall provide Cybersecurity Services throughout the cybersecurity lifecycle process for Information Systems (IS), Platform Information Technology (PIT), Information Technology (IT) Services, and IT products that are or will be assessed or assessed and authorized by Authorizing Officials (AOs) within the F-35 Enterprise. The contractor shall prepare materials for, and participate in, weekly staff meetings. The contractor shall perform all six steps of the RMF/JSIG processes as captured below, with a focus on Steps 4 and 5, Assessing Security Controls and Authorizing the System.
Categorize System. The Candidate shall participate, as required, in the system categorization of each system and maintain the formal decision document as a part of the F-35 System’s Security Assessment Package
Select Security Controls. The Contractor shall provide assistance to the Information System Owner (ISO) in Security Control Traceability Matrix (SCTM) negotiations for formal tailoring of system security control requirements. The Contractor shall maintain the formal SCTM submission as part of the F-35 System’s Security Assessment Package
Implement Security Controls. The Contractor shall participate in Preliminary and Critical Design Reviews (PDR/CDR) to ensure proposed design and implementation of controls are in accordance with DoD cybersecurity standards and have not deviated from the tailored SCTM
Assess Security Controls. The Contractor shall create a Security Assessment Report which shall encompass evaluation of all written artifacts within the formal Security Assessment Package submitted by the ISO, results of the Independent Validation and Verification (IV&V) test, and Security Assessment (SA) event
Authorize System. The Contractor shall validate all required artifacts in the Information System Security Manager / Engineer (ISSM / ISSE) assembled Security Assessment Package are current and representative of the systems being presented for AO adjudication. The Contractor shall provide a formal written recommendation within the Security Assessment Report to the AO for review and final acceptance
Monitor Security Controls. The Contractor shall evaluate Continuous Monitoring (ConMon) Plans and shall participate in Operational Assessments
Provide Security Control Assessor Services.
The Candidate shall perform oversight of the development, implementation and evaluation of information system security program policy, with special emphasis placed upon integration of existing SAP network infrastructures. The Candidate shall perform analysis of network security, based upon the RMF Assessment and Authorization (A&A) process and advise customer on IT certification and accreditation issues.
Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructures
Perform analysis of network security, based upon the RMF and Joint Special Access Program Implementation Guide (JSIG) authorization and assessment processes (A&A); advise customer on IT and A&A issues
Perform risk assessments and make recommendations to customers
Advise the AO, Delegated Authorizing Official (DAO), Office of Chief Information Officer (OCIO), and/or Program Security Officer (PSO) on assessment methodologies and processes
Evaluate certification documentation and provide written recommendations for accreditation to Government Program Managers (PMs)
Review system security to accommodate changes to policy or technology
Evaluate IT threats and vulnerabilities to determine whether additional safeguards are needed.
Advise the government concerning the impact levels for confidentiality, integrity, and availability for the information on a system
Facilitate ensuring certification for each information system
Develop, implement, provide guidance, and enforce Automated IS (AIS) security policies and procedures
Facilitate the necessary technical training for Information System Security Officers (ISSOs), network administrators, and other AIS personnel to carry out their duties
Develop, review, endorse, and recommend action by the DAO of system certification documentation
Facilitate ensuring procedures are in place for clearing, purging, declassifying, and releasing system memory, media, and output
Conduct certification tests that include verification that the features and assurances required for each protection level fare functional
Maintain a repository for all system certification/accreditation documentation and modifications
Coordinate AIS security inspections, tests, and reviews
Develop policies and procedures for responding to security incidents and for investigating and reporting security violations and incidents
Facilitate ensuring proper protection and/or corrective measures have been taken when an incident or vulnerability has been discovered within a system.
Facilitate ensuring that data ownership and responsibilities are established for each AIS, to include accountability, access rights, and special handling requirements
Develop and implement an information security education, training, and awareness program, to include attending, monitoring, and presenting local AIS security training
Complete and document security testing and evaluations
Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed
Assess changes in the system, its environment, and operational needs that could affect the accreditation
Conduct periodic testing of the security posture of the AIS
Facilitate ensuring configuration management for security-relevant AIS software, hardware, and firmware are properly documented.
At the conclusion of each security assessment activity, prepare the final Security Assessment Report containing the results and findings from the assessment
Evaluate and monitor Plan of Action and Milestone (POA&M) activities to ensure proper and timely remediation actions are taken with respect to identified weaknesses and suspense dates for each IS based on findings and recommendations from the Security Assessment Report.
Facilitate ensuring that system recovery processes are monitored to ensure that security features and procedures are properly restored
Facilitate ensuring all AIS security-related documentation is current and accessible to properly authorized individuals
Facilitate ensuring that system security requirements are addressed during all phases of the system life cycle.
Participate in self-inspections; identify security discrepancies and report security incidents
Coordinate all technical security issues outside of area of expertise or responsibility with Senior Systems Engineer (SSE)
Provide expert research and analysis in support of expanding programs and area of responsibility
Perform file transfers between local systems to storage devices.
Education and Experience:
SENIOR: A Senior level person within a labor category for this TO has at least 10 years of experience performing work related to the labor category functional.
Six years must pertain specifically to the labor category (e.g. Security Control Assessor must have at least six years performing duties specific to Security Control Assessment and Cybersecurity) while the remaining experience must pertain to a related labor category (e.g. any other security discipline).
Bachelor’s Degree plus 4 years additional work experience related to the labor category functional description may be substituted for a Master’s Degree.
A Senior level person typically works on high-visibility or mission critical aspects of a given program and performs all functional duties independently. A Senior level person may oversee the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific job.
IAT / IAM Level III at date of hire.
Top Secret SCI / SAR