Senior Security Controls Assessor (SCA)

Senior Security Controls Assessor (SCA)nDepth Security, LLC – Columbia, MDResponsibilitiesConducting verification and validation for security compliance of all information systems, products, and components.Analyzing design specifications, design documentation, configuration practices and procedures, and operational practices and procedures.Providing identification of non‑compliance of security requirements and possible mitigations to requirements that are not in compliance.Validating the security requirements of the information system.Verifying and validating that the system meets security requirements.Providing vulnerability assessments of the system.Coordinating penetration testing.Providing a comprehensive verification and validation report (assessment report) for the information system.Providing process improvement recommendations.Assisting the customer to draft standards and guidelines for usage.Conducting on‑site evaluations.Required QualificationsTwelve years of related work experience (a Bachelor's Degree in Computer Science or IT Engineering may be substituted for four years of experience).Experience in security or system engineering in five or more areas, including: telecommunications concepts, operating systems, databases/DBMS, middleware, applications, web‑servers, SANS/Netaps, Active Directory, firewalls, and controlled interfaces; DoD 8570‑1M Change 2 IAT Level III or IAM Level III requirements, including certification in an operating system such as Linux/Unix or Windows; the desired Windows certification is the Microsoft Certified Information Technology Professional (MCITP).Must be a U.S. citizen.Must be fully cleared with FS poly.Desired QualificationsStrong presentation, report writing, and customer interface skills.Familiarity with various operating systems such as Microsoft Windows, various versions of UNIX (AIX, Solaris, HPUX, etc.), and Linux.Detailed knowledge of TCP/IP and other major protocols (e.g. NetBEUI, NETBIOS, IPX/SPX) and the inherent weaknesses of the protocols.Understanding of “hacking” methodology concerning performance of vulnerability assessments.Ability to describe a system's avenues of compromise in a network environment and differentiate between various types of network attacks.An understanding of a typical secure topology and architecture for a site connected to the Internet (e.g., routers, firewalls, web servers).Understanding of how to read and interpret a network diagram and identify possible security‑related concerns.Ability to keep a robust security skill set current and to work on multiple projects concurrently.Previous instructor‑led training experience and developing classroom lectures and material to facilitate in‑person and online learning activities.Experience with Learning Management Systems (LMS) such as Moodle, Canvas, and Blackboard.#J-18808-Ljbffr

Senior Security Controls Assessor (SCA)nDepth Security, LLC – Columbia, MDResponsibilitiesConducting verification and validation for security compliance of all information systems, products, and components.Analyzing design specifications, design documentation, configuration practices and procedures, and operational practices and procedures.Providing identification of non‑compliance of security requirements and possible mitigations to requirements that are not in compliance.Validating the security requirements of the information system.Verifying and validating that the system meets security requirements.Providing vulnerability assessments of the system.Coordinating penetration testing.Providing a comprehensive verification and validation report (assessment report) for the information system.Providing process improvement recommendations.Assisting the customer to draft standards and guidelines for usage.Conducting on‑site evaluations.Required QualificationsTwelve years of related work experience (a Bachelor's Degree in Computer Science or IT Engineering may be substituted for four years of experience).Experience in security or system engineering in five or more areas, including: telecommunications concepts, operating systems, databases/DBMS, middleware, applications, web‑servers, SANS/Netaps, Active Directory, firewalls, and controlled interfaces; DoD 8570‑1M Change 2 IAT Level III or IAM Level III requirements, including certification in an operating system such as Linux/Unix or Windows; the desired Windows certification is the Microsoft Certified Information Technology Professional (MCITP).Must be a U.S. citizen.Must be fully cleared with FS poly.Desired QualificationsStrong presentation, report writing, and customer interface skills.Familiarity with various operating systems such as Microsoft Windows, various versions of UNIX (AIX, Solaris, HPUX, etc.), and Linux.Detailed knowledge of TCP/IP and other major protocols (e.g. NetBEUI, NETBIOS, IPX/SPX) and the inherent weaknesses of the protocols.Understanding of “hacking” methodology concerning performance of vulnerability assessments.Ability to describe a system's avenues of compromise in a network environment and differentiate between various types of network attacks.An understanding of a typical secure topology and architecture for a site connected to the Internet (e.g., routers, firewalls, web servers).Understanding of how to read and interpret a network diagram and identify possible security‑related concerns.Ability to keep a robust security skill set current and to work on multiple projects concurrently.Previous instructor‑led training experience and developing classroom lectures and material to facilitate in‑person and online learning activities.Experience with Learning Management Systems (LMS) such as Moodle, Canvas, and Blackboard.#J-18808-Ljbffr

• 

• Government Careers