MyPage is a personalized page based on your interests.The page is customized to help you to find content that matters you the most.


I'm not curious

Security Control Assessor (Blue Team)

Location Saint Louis, United States
Posted 12-July-2018
Description
Responsibilities - Must have current TS/SCI and able to pass a polys within 60 days of hire

- Working knowledge of ICD 503 process and procedures to include NIST SP 800-30, 800-37, 800-39, 800-47, 800-53/A, 800-60, 800-137, CNSSI-1253, CNSSI-4009, CNSSP-22 and FISMA compliancy requirements

- Communicate effectively (written and verbal) with all members of an organization and work in a diplomatic and professional demeanor

- Conduct security impact analyses of controls on proposed system changes

- Developed or reviewed systems security artifacts which includes SSAA, SSP, RMM, SRTM, CTP, CMP, DRP, SAP/SAR and POA&Ms

- Develop and assist in development of Plan of Action and Milestones (POA&M) containing corrective actions and milestones required for unacceptable risks and deficiencies.

- Perform vulnerability scanning of infrastructure, applications, and external penetration testing

- Conduct Incident Response testing to evaluate processes for detection, response, and reporting of security incidents

- Prepare report Security Assessment Reports containing findings and recommendations for remediation

- Provide configuration management and control processes to integrate security and risk management

- Implement a continuous monitoring strategy appropriate for systems, leveraging existing tools, efforts, and incorporating new automation techniques

- Provide A&A status updates/reports and briefings per customer's required format

- Demonstrated ability to simultaneously manage and track multiple systems and/or programs involved in the A&A process

- Must obtain appropriate 8570 Certification within 90 days of hire and maintain certification throughout employment

DESIRED SKILLS:
- Current certification compliant with DoD 8570 IASAE level 2 or 3 (CISSP or equivalent).

- Working knowledge or experience with DIACAP, DCID 6/3 and ICD 503/RMF

- System Testing methodologies experience (includes: penetration testing, configuration analysis and security best practices validation) as well as experience with a variety of security testing and penetration testing tool sets (includes: WASSP, SECSCN, Backtrack 5, ACAS/Nessus (Security Center & Nessus Vulnerability Scanner), Wireshark, Retina & Tripwire, HP Fortify)

- Network Discovery & Visual Analytics experience (i. e., IP Sonar, etc.)

- Red/Blue team assessment experience

- Ability to develop automated tools using Java, Ajax, SQL, Perl and Python

- Cyber Incident handling

- Working knowledge of Forensic tools and analysis

- Experience using XACTA

- Experience within the Intelligence Community

EDUCATION & EXPERIENCE:
Typically requires a bachelor's degree or equivalent and two to 15 years of related experience.

PHYSICAL DEMANDS:
Normal demands associated with an office environment. Ability to work on computer for long periods, and communicate with individuals by telephone, email and face to face. Some travel may be required.

Awards & Accolades for MyTechLogy
Winner of
REDHERRING
Top 100 Asia
Finalist at SiTF Awards 2014 under the category Best Social & Community Product
Finalist at HR Vendor of the Year 2015 Awards under the category Best Learning Management System
Finalist at HR Vendor of the Year 2015 Awards under the category Best Talent Management Software
Hidden Image Url

Back to Top