Tetrad Digital Integrity LLC

Security Control Assessor

ID: 2017-1095
# of Openings: 5
Job Locations: US-DC
Posted Date: 10/10/2017
Category: Information Technology

Overview

TDI is seeking a Security Control Assessor to conduct a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an Information System (IS) to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). The Security Control Assessor will provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities.

Responsibilities

  • Facilitate the completion of the NIST RMF process;
  • Document the system boundary;
  • Update documents according to changes in the environment;
  • Assess security controls;
  • Document security assessment (SCA);
  • Document the assessment findings in the Security Assessment Report (SAR);
  • Address comments and provide feedback from the findings as needed;
  • Provide independent RMF Step 4 documentation review and security assessment services in support of A&A;
  • Apply the standard policy and procedure templates and tools;
  • Implement an Assurance Policy that is detailed, relevant and clear;
  • Develop effective Standard Operating Procedures and Guidelines; and
  • Ensure that policy is well-integrated into the entire security program.

Qualifications

  • Degree in Computer Science or related discipline from an accredited college or university required.
  • Possess 3+ years of experience conducting security control assessment of all NIST 800-53 controls.
  • Technical understanding (understanding network diagrams, vulnerability and compliance scans).
  • Excellent communication skills (written and oral).
  • Experience creating and maintaining various security documents such as the Security Assessment Plan.
  • Thorough knowledge of NIST 800-53 security controls and required documentation.
  • Conduct security control assessments based on a Risk Management Framework approach.