Security Control Assessor

Title: Security Control Assessor

Location: Reston, VA, Bethesda, MD

Security Clearance: Top Secret/SCI with a Full Scope Polygraph

Schedule: Monday - Friday in person. Telework and Remote opportunities are not available for this position.

About KACE:

When you make the decision to join KACE, you are choosing to work alongside talented professionals that have one thing in common; the passion to make a difference! KACE employees bring their diverse talents and experiences to work on critical projects that help shape the nation’s safety, security, and quality of life. The desire to have a career that is purposeful and forward thinking is woven into every KACE employee…it’s The KACE Way. KACE employees are; purpose driven, forward focused, open-minded, trustworthy and invested. The KACE Way is our commitment to our employees, to our customers, and to our communities. Join KACE and make a difference!

Job Summary:

Evaluates and validates program and project Security Control Self-assessments of systems and architectures to discover, document, and report risks in support of Authorizing Official or designee (AO, D/AO) during risk-based decisions for the granting of Authorization to Operate (ATO). 

Essential Functions and Responsibilities:

• Review, detect, and document gaps and conflicting information within the Body of Evidence (BoE) presented during validation assessments by Programs and projects via demonstrated understanding of required content and ability to generate a range of security artifacts to include SAR, SSP, Automated Scan Tool Report, POA&M, etc.). 
• Conduct architecture and system scanning to detect vulnerabilities and compliance with automated tools, and perform an analysis based on tool reports, to include/alse positive analysis and compensating controls. 
• In depth understanding of RMF, IV&V methodology and NIST 800 53 r4 and ability to perform within Telos Xacta implementation of RFM workflows. 
• Make recommendations to the IC CISO or designee for improving TTPS for better cyber threat protection. 
• Write final reports and defend all findings, including risk or vulnerability, mitigation strategies, and references. 
• Report vulnerabilities identified during security assessments. 
• Write penetration testing Rules of Engagement (ROE), Test Plans, and Standard Operating Procedures (SOP). 
• Conducted security reviews, technical research and provided reporting to increase security defense mechanisms. 

Minimum Qualifications and Skills:

• Bachelor’s degree in computer engineering, Computer Science, Electrical Engineering, Information systems, Information Technology, Cybersecurity, or a closely related discipline. 
• Four years of additional demonstrated work experience in Security Control Assessor (SCA) and Defensive Cyber Operations (DCO)Testing will be accepted in lieu of a bachelor’s degree. 
• A Master’s degree in an applicable discipline be substituted for three years of demonstrated work experience. 
• Three (3) years of cybersecurity experience with at least one year of experience conducting SCAs under ICD 503/CNSSI 1253 NIST Cybersecurity Framework, Risk Management Framework (RMF), or a similar framework. 
• One full year of SCA experiences within the last three calendar years.
• One full year supporting cloud environment and experience performing security assessments in a cloud environment (AWS, Google, IBM, Azure, and Oracle).
• Must meet Department of Defense (DOD) 8570.01-M baseline certification requirement for Information Assurances Technical (IAT) Level III CASP+CE, CCNP Security, CISA, or CISSP or Associate, GCED, GCIH, or CCSP. 
• Knowledge of Independent Verification & Validation (IV&V) of security controls. 
• Knowledge of general attack strategies (e.g., MITRE ATT&CK Framework). 
• Knowledge of NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other ICDs as appropriate. 
• Skill in conducting vulnerability scans and recognizing vulnerability in security systems (e.g., Cloud Environments) ASW, Google, IBM, Azure, and Oracle. 
• Knowledge of system and application security threats and vulnerabilities. 
• Knowledge of network access, identity, and access management e.g. public key infrastructure (PKI). 
• Knowledge of network protocols such as Transition Control Protocol/Internet Protocol (TCP/IP), Dynamic Host Configuration, Domain Name System (DNS), and directory Services. 
• Ability to assess the robustness of security systems and designs. 
• Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 
• Three years of experience performing security assessments in a cloud computing environment.
• Strong writing skills.

Clearance: 

Applicants selected may be subject to a government background investigation and may be required to meet the following conditions of employment.

Security Requirements/Background Investigation Requirements: 

• Must be a U.S Citizen or Legal Permanent Resident.
• Favorable credit check for all cleared positions 
• Successfully passing a background investigation including drug screening.

Physical Requirements/Working Conditions:

• Standing/Walking/Mobility:  Must have mobility to attend meetings with other managers and employees. Standing for prolonged and extended periods of time.
• Climbing/Stooping/Kneeling:  0% - 10% of the time.
• Lifting/Pulling/Pushing:  0% - 10% of the time.
• Fingering/Grasping/Feeling:  Must be able to write, type and use a telephone system 100% of the time.
• Sitting:  Sitting for prolonged and extended periods of time.

This job description reflects management’s assignment of essential functions; it does not prescribe or restrict the tasks that may be assigned. Management may revise duties as necessary without updating this job description.

For more information about the company please visit our website at www.kacecompany.com

KACE is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, disability or any other federal, state or local protected class.

KACE complies with federal and state disability laws and makes reasonable accommodations for applicants and employees with disabilities.

If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to [email protected].