Security Control Assessor/Vulnerability Analyst

CENTERPOINT

St. Louis, MO
Full Time
Paid
  • Responsibilities

    CUSTOMER: Intel Client

    CENTERPOINT is seeking a motivated and customer-oriented cybersecurity professional to support our IC client. The candidate will support the client in executing Risk Management Framework (RMF) based Assessment & Authorization (A&A) activities. Specifically, the candidate will support RMF Step 4 and perform security control assessments against a system to determine the extent to which Information System security controls are implemented correctly, operating as intended, and producing the desired outcomes. In addition, the candidate should be able to contribute to the completion of milestones associated with specific projects and provide solutions to a variety of complex technical problems involving security control assessments.

    DUTIES:

    ASSESS SECURITY CONTROLS

    Perform Security Control Assessments (SCAs) to determine the extent to which Information System security controls are implemented correctly, operating as intended, and producing the desired outcomes as stated in the NGA Information Assurance Requirements Catalog (IARC).

    CONTINUOUS MONITORING

    Support NGA's Information System Continuous Monitoring (ISCM) program to ensure information system cybersecurity risk is acceptable throughout the system life cycle.

    DESIRED SKILLS:

    • Experience with RMF, CNSSI 1253, NIST SP 800-53, ICD 503
    • Experience with Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker (SCC)
    • Experience using the Telos XACTA tool
    • Applies knowledge of Information Assurance Vulnerability Alerts (IAVAs)
    • Applies experience with compliance and vulnerability scanning tools (Nessus, McAfee ePO)
    • Conducts comprehensive security control assessments levied against a system and documents the results, including recommendations for correcting any weaknesses or deficiencies in the controls
    • Develops a Security Assessment Report (SAR)
    • Conducts comprehensive reviews of security authorization documents to ensure the appropriate NIST security guidelines were used during the assessments and the selections of security controls are relevant to the confidentiality, integrity, and availability of the system
    • Performs security control assessments on cloud-based systems (i.e., AWS)
    • Validates closure of liens and updates POA&Ms, as applicable

    REQUIRED EXPERIENCE: 5+ years of relevant experience as a cyber security control assessor

    CERTIFICATION REQUIREMENTS:

    IAT Level III (CISA, CISSP, CASP, CCNP Security, GCED, GCIH) with CND-AU (CISA, CEH, CySA, GSNA)

    EDUCATION REQUIREMENT: B.S. or relevant experience in related field

    CLEARANCE REQUIREMENTS:

    Active TS/SCI