Security Control Assessor Representative
Dark Wolf Solutions (closed)
$140k-$170k
Remote - United States
Job highlights
Summary
Dark Wolf Solutions is seeking a Security Control Assessor Representative (SCAR) to perform comprehensive assessments of IT systems' security controls, ensuring compliance with federal, DoD, and DAF requirements. The SCAR candidate must have prior experience in authorizing tools/applications, systems, and enclaves, knowledge of network security, and proficiency in assessing DoD GovCloud environments.
Requirements
- 10 years of relevant Cyber experience
- 5+ years prior experience as a Security Control Assessor/Representative, RMF Engineer, ISSO, ISSM and/or information assurance engineer
- Cloud Platform experience with at least one service offering from AWS, Azure, or Google GCP
- Hands-on eMASS and/or Xacta experience completing full system lifecycle activities
- Experience with Air Force risk management policies/procedures, to include DODI 8510.01 and AFI 17-101
- Experience with Cloud Computing Security Requirements Guide (CC SRG)
- Knowledge of the DoD DevSecOps Fundamentals Playbook
- Experience evaluating information security compliance against STIGs
- Ability to clearly articulate ideas
- Strong technical writing abilities to author reports for AO and CISO dissemination
- Exudes confidence in providing briefings, presentations, and in conducting/guiding meetings with senior leadership and stakeholders
- Ability to use prior experience and knowledge to address new situations
- B.A. or B.S. Information Security, Computer Science or related discipline
- US Citizenship and currently possess a Secret security clearance
Responsibilities
- Evaluating IT infrastructure in terms of risk to the organization and defining artifacts required to meet Federal, DoD and DAF requirements
- Assessing IT systems and architecture to ensure compliance with the Risk Management Framework (RMF), NIST Cybersecurity Framework (CSF), NIST 800-53 revision 5 and applicable guidance
- Supporting the system/application assessment and authorization (A&A) effort, to include assessing and guiding the quality and completeness of A&A activities, tasks and resulting artifacts mandated by governing DoD and AF policies, and applicable mandates
- Collecting, reviewing and verifying documented business processes within process narratives or flowcharts, identifying risks and validating proficiency of mitigating controls
- Reviewing risk and control matrices and testing plans for key controls and determining their effectiveness
- Identifying control gaps, reviewing and testing the design of existing controls
- Formulating clear and concise conclusions on internal controls and business process efficiency
- Recommending policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data
- Conducting risk and vulnerability assessments of installed information systems to identify vulnerabilities, risks, and protection needs
- Reviewing Plans of Actions & Milestones (POA&Ms)
- Providing recommendations and reports to the Security Control Assessor (SCA), Authorizing Official (AO), Chief Information Security Officer (CISO)
- Reviewing network and systems design to ensure accuracy
- Ensuring the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services
Preferred Qualifications
- Experience with Fast Track ATO Handbook & AF Continuous ATO Playbook
- Familiarity with CI/CD Pipelines
- DevSecOps experience
- SharePoint, JIRA, and Confluence familiarity
Benefits
The estimated salary range for this position is $140,000.00 - $170,000.00, commensurate with experience and technical skillset.
This job is filled or no longer available