Senior IT Security Assessor (IV&V)
Please go to our website to apply: https://www.caskgov.com/careers/openings/
POSITION: Sr. IT Security Assessor (IV&V)
LOCATION: Suffolk, VA
CLEARANCE: Top Secret clearance with Top Secret Sensitive Compartmented Information (TS-SCI) access Required
TRAVEL: Less than 10%
The Contractor will serve as a Sr. IT Security Assessor in support of the JS IV&V efforts using automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess security vulnerabilities and deficiencies of JS information systems to include enclaves, networks, applications, services, software, and Platform IT (PIT).
As an IT Security Assessor, the Contractor is required to hold a Top Secret clearance with Top Secret Sensitive Compartmented Information (TS-SCI) access and appropriate Cybersecurity workforce certification(s) at the IAM II/IAT-III level, and to have a minimum of 5-7 years of task-related experience. A Bachelor’s degree from an accredited college in Engineering, Computer Science, or Cybersecurity is preferred. CISSP and Certified Authorization Professional (CAP) are preferred. NIST and Risk Management Framework experience is required. The Contractor will coordinate with the appropriate JDIR ISO or PM to identify the appropriate ISSM, ISSO, and other points of contact to obtain the required artifacts for evidence, examination, and inspection before, during, and after assessments. The Contractor will conduct in-depth vulnerability assessments and information system asset auditing (e.g., servers, workstations, network appliances, storage devices, and applications), review security controls and configurations, validate whether security objectives and goals are met, and, where applicable, review compliance requirements and best practices. The Contractor will request the POA&M and vulnerability scan results/documentation, review them, and request system owner input for unmitigated exploitable items over 21 calendar days old. The Contractor will produce Security Assessment Plans (SAPs) for government approval prior to the assessment, record findings during the assessment, and produce a Security Assessment Report (SAR) for the JS SCA and AO following the assessment period.
IV&V specific tasks are as follows:
• Establish and confirm the visibility of JS assets at JDIR and JS application service provider data center locations.
• Assess the compliance, effectiveness, or changed state of security controls protecting the JS-owned or operated portion of the DoD Information Network (DoDIN) and separately operated ISs.
• Assess STIG checklists for accuracy and assist system owner/ISSM in importing validated scans to eMASS and linking to applicable security controls.
• Work closely with the System Certification Specialists, Risk Manager, Compliance Analyst, eMASS System Administrator, and system PM/ISO/ISSMs.
• Complete 100% accurate IV&V inspections as attested to by an ISSM SAR review for RMF Step 4 assessments, and assessments IAW NIST guidance for JS authorized systems in continuous monitoring.
• The IV&V Team will develop an organizational continuous monitoring plan that supports all JS support information system owners and JS authorized systems.
• Provide a written Security Assessment Plan (SAP) documentation prior to each independent security control assessment.
• Review the IV&V SOP quarterly at a minimum, and update it as changes occur; provide to the government for approval quarterly.
• Provide input to and participate in updating the JS RMF Process Guide, on a quarterly basis at minimum or as changes occur; provide for government approval quarterly.
• The IV&V Team will generate an annual schedule of planned IV&V site visits and provide it for government approval prior to the start of the first assessment.
• Provide a weekly status report to the government of all active IV&V assessments.
• The IV&V Team will provide an annual report to the government on organizational lessons learned, systemic non-compliant security controls, and recommendations to the JS CIO & AO for improved security control compliance.
• Improve processes and plans to ensure the most efficient use of government time and money using past work experience, knowledge, and available NIST/CNSS/DoD/CJCS/JS guidance.
Required Skills / Qualifications
• 5-7 years of related experience
• Bachelor’s Degree in Computer Science or related discipline
• Ability to communicate clearly and succinctly in written and oral presentations
• Active Top Secret clearance with Top Secret Sensitive Compartmented Information (TS-SCI) access
• CISSP Certification
Cask is a woman-owned small business (WOSB) founded in 2004 by a group of professionals who saw the need to help clients use and unlock the value of technology in more efficient, cost-effective ways. Cask delivers business and technology advisory and consulting services to help our customers achieve success. Cask is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, age, status as a protected veteran, among other things, or status as a qualified individual with a disability.