Security Control Assessor Team Lead

SysEng.png

See a complete list of our open positions

Apply at the Bottom of the Page

IC-CAP LLC is a Woman Owned / HUBZone Small Business working in the Department of Defense and Intelligence Community.  We are always looking for highly talented, energetic, and dynamic professionals that are interested in protecting the defense of our nation.  

 

Some of the positions are future positions.  Please look at the opening line of the job description to determine if this is an open or future position.  

We are looking to fill this position at the following location(s):

    Arlington, VA

Job Description

This is a future position that may come open but is not open at the present moment.  We are willing to prescreen personnel for these positions if you are interested.



Security Control Assessor Team Lead:


  • Specialized experience with flag-officer level briefings and senior-level interface.

  • Demonstrated knowledge of aircraft programs and systems.

  • 5 years team leadership or management experience.



Job Description:




Provide Program Protection Cybersecurity Services:


The Candidate shall provide Cybersecurity Services throughout the cybersecurity lifecycle process for Information Systems (IS), Platform Information Technology (PIT), Information Technology (IT) Services, and IT products that are or will be assessed or assessed and authorized by Authorizing Officials (AOs) within the F-35 Enterprise. The contractor shall prepare materials for, and participate in, weekly staff meetings. The contractor shall perform all six steps of the RMF/JSIG processes as captured below, with a focus on Steps 4 and 5, Assessing Security Controls and Authorizing the System.


  • Categorize System. The Candidate shall participate, as required, in the system categorization of each system and maintain the formal decision document as a part of the F-35 System’s Security Assessment Package

  • Select Security Controls. The Contractor shall provide assistance to the Information System Owner (ISO) in Security Control Traceability Matrix (SCTM) negotiations for formal tailoring of system security control requirements. The Contractor shall maintain the formal SCTM submission as part of the F-35 System’s Security Assessment Package

  • Implement Security Controls. The Contractor shall participate in Preliminary and Critical Design Reviews (PDR/CDR) to ensure proposed design and implementation of controls are in accordance with DoD cybersecurity standards and have not deviated from the tailored SCTM

  • Assess Security Controls. The Contractor shall create a Security Assessment Report which shall encompass evaluation of all written artifacts within the formal Security Assessment Package submitted by the ISO, results of the Independent Validation and Verification (IV&V) test, and Security Assessment (SA) event

  • Authorize System. The Contractor shall validate all required artifacts in the Information System Security Manager / Engineer (ISSM / ISSE) assembled Security Assessment Package are current and representative of the systems being presented for AO adjudication. The Contractor shall provide a formal written recommendation within the Security Assessment Report to the AO for review and final acceptance

  • Monitor Security Controls. The Contractor shall evaluate Continuous Monitoring (ConMon) Plans and shall participate in Operational Assessments




Provide Security Control Assessor Services.


  • The Candidate shall perform oversight of the development, implementation and evaluation of information system security program policy, with special emphasis placed upon integration of existing SAP network infrastructures. The Candidate shall perform analysis of network security, based upon the RMF Assessment and Authorization (A&A) process and advise customer on IT certification and accreditation issues.

  • Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructures

  • Perform analysis of network security, based upon the RMF and Joint Special Access Program Implementation Guide (JSIG) authorization and assessment processes (A&A); advise customer on IT and A&A issues

  • Perform risk assessments and make recommendations to customers

  • Advise the AO, Delegated Authorizing Official (DAO), Office of Chief Information Officer (OCIO), and/or Program Security Officer (PSO) on assessment methodologies and processes

  • Evaluate certification documentation and provide written recommendations for accreditation to Government Program Managers (PMs)

  • Review system security to accommodate changes to policy or technology

  • Evaluate IT threats and vulnerabilities to determine whether additional safeguards are needed.

  • Advise the government concerning the impact levels for confidentiality, integrity, and availability for the information on a system

  • Facilitate ensuring certification for each information system

  • Develop, implement, provide guidance, and enforce Automated IS (AIS) security policies and procedures

  • Facilitate the necessary technical training for Information System Security Officers (ISSOs), network administrators, and other AIS personnel to carry out their duties

  • Develop, review, endorse, and recommend action by the DAO of system certification documentation

  • Facilitate ensuring procedures are in place for clearing, purging, declassifying, and releasing system memory, media, and output

  • Conduct certification tests that include verification that the features and assurances required for each protection level fare functional

  • Maintain a repository for all system certification/accreditation documentation and modifications

  • Coordinate AIS security inspections, tests, and reviews

  • Develop policies and procedures for responding to security incidents and for investigating and reporting security violations and incidents

  • Facilitate ensuring proper protection and/or corrective measures have been taken when an incident or vulnerability has been discovered within a system.

  • Facilitate ensuring that data ownership and responsibilities are established for each AIS, to include accountability, access rights, and special handling requirements

  • Develop and implement an information security education, training, and awareness program, to include attending, monitoring, and presenting local AIS security training

  • Complete and document security testing and evaluations

  • Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed

  • Assess changes in the system, its environment, and operational needs that could affect the accreditation

  • Conduct periodic testing of the security posture of the AIS

  • Facilitate ensuring configuration management for security-relevant AIS software, hardware, and firmware are properly documented.

  • At the conclusion of each security assessment activity, prepare the final Security Assessment Report containing the results and findings from the assessment

  • Evaluate and monitor Plan of Action and Milestone (POA&M) activities to ensure proper and timely remediation actions are taken with respect to identified weaknesses and suspense dates for each IS based on findings and recommendations from the Security Assessment Report.

  • Facilitate ensuring that system recovery processes are monitored to ensure that security features and procedures are properly restored

  • Facilitate ensuring all AIS security-related documentation is current and accessible to properly authorized individuals

  • Facilitate ensuring that system security requirements are addressed during all phases of the system life cycle.

  • Participate in self-inspections; identify security discrepancies and report security incidents

  • Coordinate all technical security issues outside of area of expertise or responsibility with Senior Systems Engineer (SSE)

  • Provide expert research and analysis in support of expanding programs and area of responsibility

  • Perform file transfers between local systems to storage devices.




Education and Experience:


  • SENIOR: A Senior level person within a labor category for this TO has at least 10 years of experience performing work related to the labor category functional.

  • Six years must pertain specifically to the labor category (e.g. Security Control Assessor must have at least six years performing duties specific to Security Control Assessment and Cybersecurity) while the remaining experience must pertain to a related labor category (e.g. any other security discipline).

  • MA/MS degree

  • Bachelor’s Degree plus 4 years additional work experience related to the labor category functional description may be substituted for a Master’s Degree.

  • A Senior level person typically works on high-visibility or mission critical aspects of a given program and performs all functional duties independently. A Senior level person may oversee the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific job.




Certifications:


  • IAT / IAM Level III at date of hire.




Security Clearance:


  • Top Secret SCI / SAR

You are applying for the position of 
Security Control Assessor Team Lead
arrow&v
Upload Your Resume