Security Controls Assessor

ManTech International Corporation Stafford, VA
Group: MSS

Clearance Level Needed: TS/SCI

Shift: Day

Category: Cyber

ManTech International Corporation provides innovative engineering and systems integration services that help our customers solve their toughest, most intractable problems. National defense and homeland security clients depend on our rapid, cost-effective development of adaptable, interoperable, integrated solutions that provide high performance in quick-response scenarios.

ManTech is seeking a Security Controls Assessor to support the Marine Corps Sensitive Compartmented Information (SCI) Enterprise Office (SEO). Responsibilities include the security engineering of enterprise and local systems and servers across multiple security domains.

** This position requires a current DoD TS/SCI clearance **

General Responsibilities:

• Stay current with latest DoD, Navy, and Marine Corps IA doctrine

• Prepare documentation such as Risk Assessment Report (RAR), System Security Plans (SSP), Security Assessment Reports (SAR), and Plan of Action and Milestones (POA&Ms) to ensure compliance with government security policies and procedures

• Assist the Government to generate and maintain security documentation for system hardware and software, to include System Security Plans, equipment lists, practices, and procedures

• Assess the performance of IA security controls based on NIST 800-53A within the IT infrastructure

• Identify IA vulnerabilities resulting from a departure from approved procedures and plans

• Evaluate potential IA security risks and make recommendations regarding corrective, mitigation, and recovery actions

• Oversee that applicable patches are implemented, including IA vulnerability alerts (IAVA), IA vulnerability bulletins (IAVB), Intelligence Community Vulnerability alerts (ICVA), technical advisories (TA), and OPDIRs

• Research, evaluate, and provide feedback on problematic IA trends and patterns in customer support requirements

• Perform system audits to assess security related factors within the IT infrastructure

• Review response actions to security incidents

• Ensure associated entities are properly maintaining repositories for all system authorization documentation

• Should include the ability to identify and analyze security requirements to recommend upgrades, patches, new applications, necessary equipment, and technical support and guidance to users

• Participate in the Continuous Monitoring process

Mandatory Skills Requirements:

• Shall meet DOD 8570 requirements for IAM III

• TS/SCI clearance

• Bachelor’s Degree (+2 years’ experience), Associate’s Degree (+4 years’ experience), or High School Diploma (+6 years’ experience)

• Must be familiar with the Risk Management Framework (RMF) process and applicable guidance (NIST 800-53, NIST 800-37, CNSSI 1253, FIPS 199, ICD 503, etc.)

• Responsible for ensuring the appropriate operational IA posture is maintained for a system or enclave

• Support and assist in the development of system security packages based on current doctrine

• Must be familiar with Certification Assessment and all respective events

o Must be familiar with security controls and respective IT infrastructure and capable of correlating applicability, validating compliance/implementation, and working with engineers for mitigations

o Participating in Self-Assessment of system security controls, with results documented in the SAR in preparation for the Event

o Reviewing data in Xacta package to prepare for assessment

o Conducting Certification Assessment

o Reviewing Technical Assessment: (ACAS, SCAP, PPS Verification, STIGS)

o Completing a Security Assess Review for the event

o Generating SCCM data elements, POA&M, SAR, and Risk Assessment Report (RAR) as required

o Publishing a POA&M report, NIST RA, NIST SCCM, SAR, SAR Table and Extensible Documents

o Importing data elements from the ATO letter into Xacta

o Documenting results/deliverable artifacts (results from the SCA audit, STIG Checklists, POA&Ms, reports, scans)

o Documentation uploaded into Xacta for accreditation review

o Experience with Tenable Security Center

Other Skills Preferred:

• Knowledge of information security systems and applications for DoD projects

• Knowledge of DoD 8510.01

• Risk Management Framework (RMF) Process

• Intelligence Community Directive (ICD) 503

• Intelligence Community Information Technology Systems Security Risk Management

• Other Emerging IA policies

Requires a Bachelor's degree in a field such as mathematics, telecommunications, electrical engineering, computer engineering, computer science, or a related discipline, and two to four years' related experience; or certification (systems administrator, network certification, etc.) with six to eight years of experience.

