Security Control Assessor (Active Polygraph Required)

Company: General Dynamics Information Technology
Location: Bethesda
Posted on: January 23, 2023

Job Description:

Type of Requisition: RegularClearance Level Must Be Able to Obtain: Top Secret SCI + PolygraphPublic Trust/Other Required: NoneJob Family: Cyber SecuritySeize your opportunity to make a personal impact as a Security Control Analyst supporting customer activities. GDIT is your place to make meaningful contributions to challenging projects and grow a rewarding career.At GDIT, people are our differentiator. As a Security Control Analyst, you will help ensure today is safe and tomorrow is smarter. Our work depends on a SCA joining our highly skilled team to be a premier provider of cyber security services to the customer. We provide consummate cyber security risk management as a service platform across multiple fabrics and centers. We have responsibility to ensure operational IT capabilities provide the client with necessary timeliness, accuracy and security of information demanded from all our highly professional roles. Be the change, lead our change join us!HOW A SCA WILL MAKE AN IMPACT

• Make recommendations to the IC CISO or designee for improving TTPS for better cyber threat protection.
• Knowledge of system and application security threats and vulnerabilities.
• Knowledge of network access, identity, and access management e.g. public key infrastructure (PKI)
• Knowledge of network protocols such as Transition Control Protocol/Internet
• Protocol (TCP/IP), Dynamic Host Configuration, Domain Name System (DNS), and directory Services.
• Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Report vulnerabilities identified during security assessments.
• Write penetration testing Rules of Engagement (RoE), Test Plans, and Standard Operating Procedures (SOP).
• Conduct security reviews and technical research and provided reporting to increase security defense mechanisms.WHAT YOULL NEED TO SUCCEED:
  • Education : Bachelors (Computer engineering, Computer Science, Electrical Engineering, Information systems, Information Technology, Cybersecurity, or a closely related discipline)
  • Four years of additional demonstrated work experience in Security Control Assessor (SCA) and Defensive Cyber Operations (DCO)Testing will be accepted in lieu of a bachelors degree.
  • A Masters degree in an applicable discipline be substituted for three years of demonstrated work experience.
  • Required Experience : 6+ yrs
  • Required Technical Skills:
  • Three (3) years of cybersecurity experience with at least one year of experience conducting SCAs under ICD 503/CNSSI 1253 NIST Cybersecurity Framework, Risk Management Framework (RMF), or a similar framework.
  • One full year of SCA experiences within the last three calendar years.
  • One full year supporting cloud environment and experience performing security assessments in a cloud environment (AWS, Google, IBM, Azure, and Oracle).
  • Skill in conducting vulnerability scans and recognizing vulnerability in security systems (e.g., Cloud Environments) AWS, Google, IBM, Azure, and Oracle.
  • Knowledge of general attack strategies (e.g., MITRE ATT&CK Framework).
  • Knowledge of NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other ICDs as appropriate.
  • Knowledge of Independent Verification & Validation (IV&V) of security controls.
  • Security Clearance Level : TS/SCI with active polygraph
  • Required Skills and Abilities:
  • Ability to assess the robustness of security systems and designs.
  • Three years of experience performing security assessments in a cloud computing environment.
  • Strong writing skills.
  • Write final reports and defend all findings, including risk or vulnerability, mitigation strategies, and references.Report vulnerabilities identified during security assessments.
  • Desired Certifications: Department of Defense (DOD) 8570.01-Manual (M) Information Assurances Workforce Improvement Program requirement for Information Assurance Manger (IAM) Level III (CISM, CISSP or Associate GSLC or CCISO)
  • Location : Bethesda, MD - On Customer SiteGDIT IS YOUR PLACE:
    • 401K with company match
    • Comprehensive health and wellness packages
    • Internal mobility team dedicated to helping you own your career
    • Professional growth opportunities including paid education and certifications
    • Cutting-edge technology you can learn from
    • Rest and recharge with paid vacation and holidaysCOVID-19 Vaccination: GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.

Keywords: General Dynamics Information Technology, Bethesda , Security Control Assessor (Active Polygraph Required), Other , Bethesda, Maryland