Remote Security Control Accessor

Summary

Join Arlo Solutions as a Cybersecurity Analyst to support the Defense Security Cooperation Agency (DSCA) Cybersecurity team by providing expertise in Risk Management Framework (RMF) activities, security control assessments, and cybersecurity responsibilities.

Responsibilities

• Assist in the evaluation and assessment of security controls to ensure they meet required standards and are effectively implemented
• Collaborate with ISSM/ISSOs to review and validate security controls, ensuring compliance with RMF requirements
• Ensure that controls with the tools are properly documented, implemented, and tested to meet compliance standards
• Work with control owners to gather necessary evidence and documentation for control validation
• Support steps of the RMF process, such as the assessment phase
• Assist in the preparation and maintenance of RMF documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plan of Action and Milestones (POA&Ms)
• Ensure that RMF activities are aligned with DSCA CYBR responsibilities and requirements
• Validate IT controls to ensure they are effectively mitigating risks and protecting information systems
• Conduct regular reviews and assessments of IT controls to identify any gaps or weaknesses
• Provide recommendations for improving IT controls and addressing any identified deficiencies
• Support the validation of controls in accordance with FISCAM guidelines
• Ensure that financial and information system controls are properly implemented and functioning as intended
• Assist in the preparation of audit documentation and responses to audit findings
• Support the integration of security practices into the DevSecOps pipeline to ensure secure development and deployment of applications
• Collaborate with operations teams to implement security controls and practices throughout the software development lifecycle
• Monitor and assess the security of applications and systems within the DevSecOps pipeline
• Prepare and submit regular reports on the status of security controls, RMF activities, and DevSecOps pipeline security
• Provide detailed documentation and evidence to support security assessments and audits
• Work closely with other cybersecurity team members, control owners, and stakeholders to ensure effective implementation and validation of security controls
• Communicate findings, recommendations, and status updates to relevant parties in a clear and concise manner
• Ensure the Continuous Monitoring section of eMASS is completed
• Configure ACAS scans in accordance with ACAS Best Practice Guide
• Configure scanning policies and credentials within ACAS to ensure accurate scan data
• Provide ongoing vulnerability reports to technical teams to assist in remediation efforts
• Assist Trellix lead with ePO configuration and maintenance of Trellix ESS suite
• Perform quarterly STIG checklists for Trellix ESS modules
• Maintain configuration of cloud-based internet isolation (CBII) technology
• Complete requests for URL whitelisting within CBII administrative console
• Review requests to whitelist applications utilizing Microsoft AppLocker for endpoints