Mount Indie is hiring a Security Controls Assessor to provide cybersecurity support to AFCENT at Shaw AFB in Sumter, SC.
In this role, you join a team of 4 SCA-R's in performing comprehensive IT security control assessments on AFCENT systems and software applications. Assessments will require travel to various contractor and Government sites inside and outside the continental United States (CONUS and OCONUS). As an SCA-R on this team, you will conduct assessments to determine the condition of the management, operational, and technical security controls employed within or inherited by an information system or software to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system).
Day to day responsibilities:
- Perform initial and continual security control assessment and validation for AFCENT networks, systems, and software applications.
- Utilize DOD approved tools such as, but not limited to - Assured Compliance Assessment Solution (ACAS), Nessus, Host Based Security Systems (HBSS), Continuous Monitoring Risk Scoring (CMRS), Online Compliance Reporting System (OCRS), and SolarWinds - to generate initial and continuous monitoring reports.
- Complete reports to support risk decisions from the AO, both as required and as requested.
- Provide an assessment on the severity of weaknesses or deficiencies discovered in the information system or software application and its environment of operation and recommend corrective actions to address identified vulnerabilities.
- Review the System Security Plan (SSP), prior to initiating the security control assessment and ensure the plan provides a set of security controls for the information system or software application that meet the stated security requirements.
- Advise the Information System Owner (ISO) concerning the impact values for confidentiality, integrity, and availability for the information on a system or software application.
- Evaluate threats and vulnerabilities to information systems or software application to ascertain the need for additional safeguards.
- Assist in creating, reviewing, and approving the information system or software application security assessment plan, which is comprised of the SSP, the Security Controls Traceability Matrix (SCTM), and the Security Control Assessment Procedure.
- Ensure security control assessments are completed for each information system or software application and ensure controls are working as intended and these controls protect the confidentiality, integrity and availability of IT resources at the appropriate levels.
- Assist with preparing the final Security Assessment Report (SAR) containing the results and findings from the assessment at the conclusion of each security control assessment activity.
- Ensure a Plan of Action and Milestones (POA&M) is initiated by the Information System Security Officer (ISSO) for the information system based on findings and recommendations from the SAR.
- Evaluate security control assessment documentation and provide written recommendations for security authorization to the AO.
- Provide expertise to execute vulnerability assessments on Platform IT systems.
- Assist with assembling and submitting the security authorization artifacts to the AO (consisting of, at a minimum, the SSP, the SAR, the POA&M, and a Risk Assessment Report (RAR).
- Assess the proposed changes to information systems or software application, their environment of operation, and mission needs to determine if they are security-relevant and could therefore affect system authorization.
- Utilize the RMF methodology to successfully implement an information technology process which shall effectively protect the element's information assets and its ability to perform its mission.
- Provide guidance to other assessors on the policies and procedures of the job; Provide detailed assessment findings using Government-specified processes and procedure.
- Provide solutions and recommendations to remedy security vulnerabilities, threats, to ultimately improve the protection of IT resources and to execute the AFCENT mission.
- Utilize assessment results to identify trends and to improve IA training, policies and processes.
- Develop reports and trend analysis's to support risk assessment decisions.
Qualified candidates must meet the following mandatory requirements:
- Must possess and maintain a Secret Clearance
- Current IAT-III or IAM-III Certification
Senior (III) and higher positions (Preferred):
- MA/MS in related field AND 3 or more years' relevant experience; or
- BS in related field AND 5 or more years' relevant IT experience; or
- 7 or more years' relevant IT experience.
Mid-level (II) or lower positions:
- BS in related field AND 1 or more years' relevant experience; or
- Associates in related field and 3 or more years' relevant IT experience; or
- 5 or more years' of relevant IT experience.