Job Title: IT Security Assessor
Posted by: VT Group on May 27, 2020
Location:
Arlington , VAJob Description:
Overview
VT Group is a leading technology integrator with close to 50 years' experience delivering technology and C5ISR solutions to solve the complex challenges faced by our government and commercial customers in the Defense and National Security markets.
VT Group is seeking an IT Security Assessor to support our DoD Federal Client onsite in Arlington, VA at the Pentagon.
Responsibilities
Use automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess security vulnerabilities and deficiencies of information systems to include enclaves, networks, applications, services, software, and Platform IT (PIT). Identify appropriate ISSM, ISSO, and other points of contact to obtain required artifacts for evidence, examination, and inspection before, during and post assessments. Conduct in-depth vulnerability assessments and asset information system auditing (e.g., servers, workstations, network appliances, storage devices, and applications), review security controls and configurations, and validate if security objectives and goals are met, and, where applicable, review compliance requirements and best practices. Execute a request for a plan of action and milestones along with conducting vulnerability scan results to mitigate risks. Produce Security Assessment Plans (SAPs) for government approval prior to the assessment, record findings during the assessment, and produce a Security Assessment Report (SAR) for the organization's assessment period. Establish and confirm the visibility of assets at service provider data center locations. Assess the compliance, effectiveness, or changed state of security controls protecting the client-owned operated portion of the DoD Information Network (DoDIN) and separately operated ISs. Assess STIG checklists for accuracy and assist system owner/ISSM in importing validated scans to eMASS and linking to applicable security controls. Work closely with the System Certification Specialists, Risk Manager, Compliance Analyst, eMASS System Administrator, and system PM/ISO/ISSMs. Complete 100% accurate IV&V inspections as attested to by an ISSM SAR review for RMF Step 4 assessments, and assessments IAW NIST guidance for client's authorized systems in continuous monitoring. The IV&V Team will develop an organizational continuous monitoring plan that supports all of the client's support information system owners and authorized systems. Provide a written Security Assessment Plan (SAP) documentation prior to each independent security control assessment. Review the IV&V SOP quarterly at minimum, update changes, and provide to the government for approval quarterly. Provide input to and participate in updating the RMF Process Guide, on a quarterly basis at minimum or as changes occur; provide for government approval quarterly. The IV&V Team will generate an annual schedule of planned IV&V site visits and provide for government approval prior to the start of the first assessment. Provide a weekly status report to the government of all active IV&V assessments. IV&V team will provide an annual report to the government on organizational lessons learned, systemic non-compliance security controls, recommendations to the CIO & AO for improved security control compliance. Improve processes and plans to ensure the most efficient use of government time and money using past work experience, knowledge, and available NIST/CNSS/DoD/CJCS/JS guidance.
Qualifications
Must have a minimum of 5 years of related industry experience and a bachelor's degree preferably in Engineering, Computer Science, or Cybersecurity. Must have experience with NIST and/or Risk Management Framework. Must have an active TS/SCI Clearance and ability to maintain clearance level. Must be deemed IAM II/IAT-III level certified. CISSP and Certified Authorization Professional (CAP) preferred. VT Group offers eligible employees a variety of comprehensive benefits programs, which include:
Medical insurance through a nationwide network Dental insurance for preventive, basic and major services Vision insurance that covers a wide range of services (subject to a specific co-pay or co-insurance amount) Flexible Spending Account (FSA) and Health Savings Account (HSA) options Tuition Reimbursement 401(k) Retirement Plan with company match Paid Time Off Holiday Paid Time Off Pet Insurance + More!To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.VT Group is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, gender identity, sexual orientation, national origin, disability, or protected Veteran status.VT Group is a drug free workplace. All applicants must pass a drug test before beginning work or receiving an offer of employment. Refusal to submit to testing will result in disqualification of further employment consideration.
VT Group is a leading technology integrator with close to 50 years' experience delivering technology and C5ISR solutions to solve the complex challenges faced by our government and commercial customers in the Defense and National Security markets.
VT Group is seeking an IT Security Assessor to support our DoD Federal Client onsite in Arlington, VA at the Pentagon.
Responsibilities
Use automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess security vulnerabilities and deficiencies of information systems to include enclaves, networks, applications, services, software, and Platform IT (PIT). Identify appropriate ISSM, ISSO, and other points of contact to obtain required artifacts for evidence, examination, and inspection before, during and post assessments. Conduct in-depth vulnerability assessments and asset information system auditing (e.g., servers, workstations, network appliances, storage devices, and applications), review security controls and configurations, and validate if security objectives and goals are met, and, where applicable, review compliance requirements and best practices. Execute a request for a plan of action and milestones along with conducting vulnerability scan results to mitigate risks. Produce Security Assessment Plans (SAPs) for government approval prior to the assessment, record findings during the assessment, and produce a Security Assessment Report (SAR) for the organization's assessment period. Establish and confirm the visibility of assets at service provider data center locations. Assess the compliance, effectiveness, or changed state of security controls protecting the client-owned operated portion of the DoD Information Network (DoDIN) and separately operated ISs. Assess STIG checklists for accuracy and assist system owner/ISSM in importing validated scans to eMASS and linking to applicable security controls. Work closely with the System Certification Specialists, Risk Manager, Compliance Analyst, eMASS System Administrator, and system PM/ISO/ISSMs. Complete 100% accurate IV&V inspections as attested to by an ISSM SAR review for RMF Step 4 assessments, and assessments IAW NIST guidance for client's authorized systems in continuous monitoring. The IV&V Team will develop an organizational continuous monitoring plan that supports all of the client's support information system owners and authorized systems. Provide a written Security Assessment Plan (SAP) documentation prior to each independent security control assessment. Review the IV&V SOP quarterly at minimum, update changes, and provide to the government for approval quarterly. Provide input to and participate in updating the RMF Process Guide, on a quarterly basis at minimum or as changes occur; provide for government approval quarterly. The IV&V Team will generate an annual schedule of planned IV&V site visits and provide for government approval prior to the start of the first assessment. Provide a weekly status report to the government of all active IV&V assessments. IV&V team will provide an annual report to the government on organizational lessons learned, systemic non-compliance security controls, recommendations to the CIO & AO for improved security control compliance. Improve processes and plans to ensure the most efficient use of government time and money using past work experience, knowledge, and available NIST/CNSS/DoD/CJCS/JS guidance.
Qualifications
Must have a minimum of 5 years of related industry experience and a bachelor's degree preferably in Engineering, Computer Science, or Cybersecurity. Must have experience with NIST and/or Risk Management Framework. Must have an active TS/SCI Clearance and ability to maintain clearance level. Must be deemed IAM II/IAT-III level certified. CISSP and Certified Authorization Professional (CAP) preferred. VT Group offers eligible employees a variety of comprehensive benefits programs, which include:
Medical insurance through a nationwide network Dental insurance for preventive, basic and major services Vision insurance that covers a wide range of services (subject to a specific co-pay or co-insurance amount) Flexible Spending Account (FSA) and Health Savings Account (HSA) options Tuition Reimbursement 401(k) Retirement Plan with company match Paid Time Off Holiday Paid Time Off Pet Insurance + More!To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.VT Group is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, gender identity, sexual orientation, national origin, disability, or protected Veteran status.VT Group is a drug free workplace. All applicants must pass a drug test before beginning work or receiving an offer of employment. Refusal to submit to testing will result in disqualification of further employment consideration.
Pay Rate:
Unspecified
HR. Website URL:
https://careers-vt-group.icims.com/jobs/search?ss=1&hashed=-435622309
Sign Up to Apply to this position
(if you already have a CGO account, just press the button below)
About VTG
Tracing our earliest roots to 1866, VTG has built a 150-year legacy of combining innovative technologies, deep domain knowledge, and advanced engineering and technical expertise with the agility needed to meet our Defense and National Security customers’ most challenging and dynamic mission requirements. VTG delivers force modernization and digital transformation solutions that expand America’s competitive advantage in the modern battlespace. Whether at sea, in the air, on land, or in cyberspace, our agile solutions ensure our Defense and National Security customers meet their most challenging and dynamic mission requirements. VTG delivers Tomorrow’s Transformation Today.
Please visit this employer's Public Profile to see more jobs offered by VTG