View all jobs
Security Control Assessor- Journeyman
Fort Mead, MDSecurity Control Assessor - Journeyman
Job Location: Fort Meade, MD
Position Type: Full Time, 40 hours per week
Athena Technology Group, Inc. is a Service-Disabled Veteran Owned /Small Business (SDVOSB) focused on Information Technology and Communications consulting, system engineering, integration, deployment and operations of stat of the art command and control and information systems that deliver critical network centric solutions to the warfighter. With a proven track record of technical support to our customers, we are looking for innovative industry professionals to join our team.
JOB DESCRIPTIONS:
Perform Security Control Assessments to determine the extent to which Information System
security controls are implemented correctly, operating as intended, and producing the desired
outcomes as stated in the DISA Information Assurance Requirements. Conducts independent
comprehensive assessments of the management, operational, and technical security controls and
control enhancements employed within or inherited by an information technology (IT) system to
determine the overall effectiveness of the controls. Follow Assessment and Authorization
procedures as defined in NIST 800-37 to complete comprehensive security control assessment and
draft formal Security Assessment Reports (SAR) to document finding.
Tasks:
● Plan and conduct security authorization reviews and assurance case development for initial
installation of systems and networks.
● Review authorization and assurance documents to confirm that the level of risk is within
acceptable limits for each software application, system, and network.
● Verify that application software/network/system security postures are implemented as stated,
document deviations, and recommend required actions to correct those deviations.
● Develop security compliance processes and/or audits for external services (e.g., cloud
service providers, data centers).
● Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
● Verify and update security documentation reflecting the application/system security design
features.
● Ensure that plans of actions and milestones or remediation plans are in place for
vulnerabilities identified during risk assessments, audits, inspections, etc.
● Support necessary compliance activities (e.g., ensure that system security configuration
guidelines are followed, compliance monitoring occurs).
● Assess the effectiveness of security controls and assess all the configuration management
(change configuration/release management) processes.
Desired skills:
● Experience with RMF, CNSSI 1253, NIST SP 800-53, ICD 503
● Experience with Security Technical Implementation Guides (STIGs) and Security Content
Automation Protocol (SCAP) Compliance Checker (SCC)
● Experience with utilizing Telos XACTA tool
● Applies knowledge of Information Assurance Vulnerability Alerts (IAVAs)
● Applies experience with compliance and vulnerability scanning tools (Nessus, McAfee ePO)
● Conducts comprehensive security control assessments levied against a system and
documenting the results, including recommendations for correcting any weaknesses or
deficiencies in the controls
● Develops a Security Assessment Report (SAR)
● Conducts comprehensive reviews of security authorization documents to ensure the
appropriate NIST security guidelines were used during the assessments and the selections of
security controls are relevant to the confidentiality, integrity, and availability of the system
● Performs security control assessments on cloud-based systems
Required Experience:
● 5+ years of relevant experience as a cyber security control assessor
● Certification Requirements: IAM Level II, CAP or CCSP preferred
● Education Requirement: B.S. or relevant experience in related field
● Clearance Requirements: Active TS/SCI
US Citizenship and an active DOD TOP SECRECT/SCI Clearance are required for the position.
Salary will be commensurate with experience. ATG is a growing company and there will be
opportunities for internal advancement. ATG is an Equal Opportunity Employer.
(*)
Job Location: Fort Meade, MD
Position Type: Full Time, 40 hours per week
Athena Technology Group, Inc. is a Service-Disabled Veteran Owned /Small Business (SDVOSB) focused on Information Technology and Communications consulting, system engineering, integration, deployment and operations of stat of the art command and control and information systems that deliver critical network centric solutions to the warfighter. With a proven track record of technical support to our customers, we are looking for innovative industry professionals to join our team.
JOB DESCRIPTIONS:
Perform Security Control Assessments to determine the extent to which Information System
security controls are implemented correctly, operating as intended, and producing the desired
outcomes as stated in the DISA Information Assurance Requirements. Conducts independent
comprehensive assessments of the management, operational, and technical security controls and
control enhancements employed within or inherited by an information technology (IT) system to
determine the overall effectiveness of the controls. Follow Assessment and Authorization
procedures as defined in NIST 800-37 to complete comprehensive security control assessment and
draft formal Security Assessment Reports (SAR) to document finding.
Tasks:
● Plan and conduct security authorization reviews and assurance case development for initial
installation of systems and networks.
● Review authorization and assurance documents to confirm that the level of risk is within
acceptable limits for each software application, system, and network.
● Verify that application software/network/system security postures are implemented as stated,
document deviations, and recommend required actions to correct those deviations.
● Develop security compliance processes and/or audits for external services (e.g., cloud
service providers, data centers).
● Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
● Verify and update security documentation reflecting the application/system security design
features.
● Ensure that plans of actions and milestones or remediation plans are in place for
vulnerabilities identified during risk assessments, audits, inspections, etc.
● Support necessary compliance activities (e.g., ensure that system security configuration
guidelines are followed, compliance monitoring occurs).
● Assess the effectiveness of security controls and assess all the configuration management
(change configuration/release management) processes.
Desired skills:
● Experience with RMF, CNSSI 1253, NIST SP 800-53, ICD 503
● Experience with Security Technical Implementation Guides (STIGs) and Security Content
Automation Protocol (SCAP) Compliance Checker (SCC)
● Experience with utilizing Telos XACTA tool
● Applies knowledge of Information Assurance Vulnerability Alerts (IAVAs)
● Applies experience with compliance and vulnerability scanning tools (Nessus, McAfee ePO)
● Conducts comprehensive security control assessments levied against a system and
documenting the results, including recommendations for correcting any weaknesses or
deficiencies in the controls
● Develops a Security Assessment Report (SAR)
● Conducts comprehensive reviews of security authorization documents to ensure the
appropriate NIST security guidelines were used during the assessments and the selections of
security controls are relevant to the confidentiality, integrity, and availability of the system
● Performs security control assessments on cloud-based systems
Required Experience:
● 5+ years of relevant experience as a cyber security control assessor
● Certification Requirements: IAM Level II, CAP or CCSP preferred
● Education Requirement: B.S. or relevant experience in related field
● Clearance Requirements: Active TS/SCI
US Citizenship and an active DOD TOP SECRECT/SCI Clearance are required for the position.
Salary will be commensurate with experience. ATG is a growing company and there will be
opportunities for internal advancement. ATG is an Equal Opportunity Employer.
(*)