ISSO/Security Control Assessor (SCA) Level II

In support of the Department of Homeland Security’s Cyber Security Division under the newly created Cyber and Infrastructure Security Agency, The National Cybersecurity Protection System (NCPS), also known as the EINSTEIN set of capabilities, is an integrated system of intrusion detection, analytics, intrusion prevention, and information sharing capabilities that defend the federal executive branch civilian government’s IT infrastructure from cyber threats. The Enhanced Cybersecurity Services (ECS) program is a key avenue through which DHS fulfills its mission to protect U.S. based public and private entities from cybersecurity threats. ECS provides intrusion prevention capabilities that help U.S.-based companies protect their computer systems against unauthorized access, exploitation, and data exfiltration.

In support of these efforts, our Security Control Assessor will:

• Perform and lead Risk Management Framework (RMF) assessments, authorizations, and monitoring steps for systems following NIST and ICD 503 standards and best practices.
• Work in close coordination with all system stakeholders - Create and maintain existing information system security documentation, including System Security Plan (SSP), Security Controls Matrix and/or Assessment, and Security Configuration Guide (controlled changes to the system).
• Develop or modify implementation and design documents describing how security features are implemented. Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions.
• Performs host, network, cloud, application based security control assessments
• Create security policies and maintain existing information system security documentation
• Conduct comprehensive assessment of the management, operation, and technical controls to determine overall effectiveness of controls
• Conduct periodic and continuous reviews of the system to ensure compliance with the authorization package
• Responsible for elements of physical and environmental protection, personnel security, incident handling, and security training and awareness and ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
• Participate in the change management process, including reviewing Requests for Change (RFC) and assist in the assessment of a potential change's security impact
• Conduct daily, weekly and monthly audit review and management of the audit collection system
• Continuously review and evaluate vendor, security, and business best practices for implementing a comprehensive audit program
• Remain sensitive to security infractions and assist in security investigations and responses as requested
• Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage

Required Skills:

• Bachelor’s degree required and 5 years of experience applying RMF, 800-53 and Government IT security frameworks
• Knowledge of IT audits, including conducting technical security compliance tests and vulnerability assessments.
• Knowledge of Government security requirements for access control
• Demonstrated ability to use MS Office Suite to include Word, PowerPoint, and Excel.
• Superior communication skills, both written and oral.
• US Citizenship
• A U.S. Government TS/SCI Clearance

Desired Skills:

• Certifications in at least one of the following such as SCP, Cisco Certified Network Associate (CCNA)-Security, GIAC Security Essentials Certification (GSEC), Certified Information Systems Auditor (CISA), GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED), CISSP, CompTIA Advanced Security Practitioner (CASP) or comparable
• Advanced degree in Computer Science, Cyber Security, Mathematics, or Engineering is highly desirable.
• DHS Suitability and experience