Remote Security Control Accessor

Summary

Join Arlo Solutions as a Security Control Accessor – Senior to support the Defense Security Cooperation Agency (DSCA) Cybersecurity team by providing expertise in Risk Management Framework (RMF) activities, security control assessments, and cybersecurity responsibilities.

Requirements

• Must be a US Citizen
• Secret clearance
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, OR an additional four years of experience
• Minimum of three years of relevant experience in cybersecurity, information assurance, or a related field
• Experience with the Risk Management Framework (RMF) and security control assessments is highly desirable
• Knowledge of NIST 800 series guidelines
• Experience in IT controls validation and familiarity with Federal Information System Controls Audit Manual (FISCAM) guidelines
• Experience in incident response, continuous monitoring, and vulnerability management
• Certifications such as CISSP, CISM, CISA, CAP, or equivalent are highly desirable

Responsibilities

• Assist in the evaluation and assessment of security controls to ensure they meet required standards and are effectively implemented
• Collaborate with ISSM/ISSOs to review and validate security controls, ensuring compliance with RMF requirements
• Prepare and validate security controls in accordance with RMF, IT, and FISCAM guidelines
• Ensure that all controls are properly documented, implemented, and tested to meet compliance standards
• Work with control owners to gather necessary evidence and documentation for control validation
• Support all steps of the RMF process, including categorization, control selection, implementation, and assessment
• Assist in the preparation and maintenance of RMF documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plan of Action and Milestones (POA&Ms)
• Ensure that RMF activities are aligned with DSCA CYBR responsibilities and requirements
• Validate IT controls to ensure they are effectively mitigating risks and protecting information systems
• Conduct regular reviews and assessments of IT controls to identify any gaps or weaknesses
• Provide recommendations for improving IT controls and addressing any identified deficiencies
• Support the validation of controls in accordance with FISCAM guidelines
• Ensure that financial and information system controls are properly implemented and functioning as intended
• Assist in the preparation of audit documentation and responses to audit findings
• Support the integration of security practices into the DevSecOps pipeline to ensure secure development and deployment of applications
• Collaborate with development and operations teams to implement security controls and practices throughout the software development lifecycle
• Monitor and assess the security of applications and systems within the DevSecOps pipeline
• Maintain accurate and up-to-date documentation of all RMF, IT, and FISCAM controls validation activities
• Prepare and submit regular reports on the status of security controls, RMF activities, and DevSecOps pipeline security
• Provide detailed documentation and evidence to support security assessments and audits
• Work closely with other cybersecurity team members, control owners, and stakeholders to ensure effective implementation and validation of security controls
• Communicate findings, recommendations, and status updates to relevant parties in a clear and concise manner
• Ensure the eMASS->System section of the portal is properly filled out
• Ensure the Continuous Monitoring section of eMASS is completed
• Ensure the STIG list, hardware list, software list, topology compliment each other
• Ensure the inheritance section in eMASS is properly completed and applied