It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
SUMMARY
The Security Control Assessor Representative (SCA-R) / Dedicated Team Lead interface directly with assigned PM to understand the mission, security architecture, deployment locations and model, as well as any changes/upgrades that will occur to the program. Perform cybersecurity assessments/risk analysis. The purpose of the SCA-R support is to perform SCA-R/team lead functions within the A&A process. Each team lead shall perform team lead/SCA-R duties for approximately 25 programs. Programs and enclaves can include those supporting DISA, DoD CIO, Combatant Commands, DoD Agencies, Battlefield Information Collection and Exploitation System (BICES), or other DoD entities. This support can report to multiple AOs. The team lead shall follow the A&A process guidance and normal procedures of a team lead as outlined by the Government. Functions as a technical expert on multiple project assignments, equipment baselines, operating systems, and communication protocols. Has practical analytic skills to evaluate security posture with automated security tool and recommends mitigation and optimizes security posture of IT components. This position is onsite located at Fort Meade, MD.
- This position requires one of the following certifications: CISM, CISSP, GSLC, CCISO
- **Travel INCONUS and OCONUS is required - 20% travel
- Requires DOD Secret or Top Secret Clearance.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include the following. Other duties may be assigned.
Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge/quality of work, supporting financial goals of the company, initiative/motivation, cooperation/relationships, problem analysis/discretion, accomplishing goals through organization, positive oral/written communication skills, leadership abilities, commitment to Affirmative Action, reliability/dependability, flexibility and ownership/accountability of actions taken.
Lead a team to perform certification assessments for assigned programs to include review of change requests; review of ports, protocols, and services; whitelist requests; self-assessments results; statements of compliance; scan and STIG reviews; systems security plans; cybersecurity control evidence and artifacts; and on-site review results.
Perform certification assessments for assigned programs to include review of change requests; review of ports, protocols, and services; whitelist requests; self-assessments results; statements of compliance; scan and STIG reviews; systems security plans; cybersecurity control evidence and artifacts; and on-site review results.
Lead a team to review a system/enclave where the system/enclave resides. The team lead shall be required to conduct an in-brief, a daily hot wash with the review team and system/enclave/site personnel, and an out brief. In briefs and out briefs shall be submitted to RE5 SharePoint Administrator for posting to the repository no more than five business days after the review is complete. The trip report shall be submitted in the Government provided trip resourcing tool no more than five business days after the review is complete.
Present results and recommendations to AOs, Site Commanders, PMs, or other Government leadership.
Attend weekly training sessions and staff meetings to gain an understanding of changes or clarifications to procedures.
Team leads shall be required to use a variety of tools to include the Government provided trip resourcing tool (used to execute and on-site review), eMASS (for control reviews), Team Lead Resource (TLR) (to provide information on a program), nSPECT (to create in and out brief reports), and Requirement Tracking System (RTS) (to submit actions for review/signature). Other tools that will be used include the PPSM database, Whitelist Tool, DoD Information Technology Portfolio Repository (DITPR), RMF Knowledge Service, and Enterprise Security Posture System (ESPS).
Conduct security architecture reviews to ensure that the program’s architecture is in compliance with STIG requirements and best practices. This technical analysis will be considered in the risk analysis and documented/include in the certification recommendation.
Develop customized checklists based on the security architecture, special purpose equipment, type accredited deployment guides, Unified Capabilities Approved Product List deployment guides, and required ancillary equipment.
Analyze Plans of Action and Milestones (POA&M) and mitigation plans for unresolved findings to determine residual risk. This shall include reviewing and analyzing submitted POA&Ms with detailed technical justification and references for mitigations and determining if the proposed solution is adequate mitigation for approval. This technical analysis shall be documented/include in the statement of residual risk.
Conduct a Risk Assessment to analyze threats to and vulnerabilities of an information system and the potential impact that the loss of information or capabilities of a system would have on the user communities and the mission of the organization. The resulting analysis is used as a basis for identifying appropriate and cost-effective countermeasures and to determine residual risk.
Lead a team to review a system/enclave where the system/enclave resides. The team lead shall be required to conduct an in-brief, a daily hot wash with the review team and system/enclave/site personnel, and an out brief. In briefs and out briefs shall be submitted to RE5 SharePoint Administrator for posting to the repository no more than five business days after the review is complete. The trip report shall be submitted in the Government provided trip resourcing tool no more than five business days after the review is complete. v Present results and recommendations to AOs, Site Commanders, PMs, or other Government leadership.
Attend weekly training sessions and staff meetings to gain an understanding of changes or clarifications to procedures.
Team leads shall be required to use a variety of tools to include the Government provided trip resourcing tool (used to execute and on-site review), eMASS (for control reviews), Team Lead Resource (TLR) (to provide information on a program), nSPECT (to create in and out brief reports), and Requirement Tracking System (RTS) (to submit actions for review/signature). Other tools that will be used include the PPSM database, Whitelist Tool, DoD Information Technology Portfolio Repository (DITPR), RMF Knowledge Service, and Enterprise Security Posture System (ESPS).
Conduct security architecture reviews to ensure that the program’s architecture in compliance with STIG requirements and best practices. This technical analysis will be considered in the risk analysis and documented/include in the certification recommendation.
Develop customized checklists based on the security architecture, special purpose equipment, type accredited deployment guides, Unified Capabilities Approved Product List deployment guides, and required ancillary equipment.
Analyze Plans of Action and Milestones (POA&M) and mitigation plans for unresolved findings to determine residual risk. This shall include reviewing and analyzing submitted POA&Ms with detailed technical justification and references for mitigations and determining if the proposed solution is adequate mitigation for approval. This technical analysis shall be documented/include in the statement of residual risk.
Conduct a Risk Assessment to analyze threats to and vulnerabilities of an information system and the potential impact that the loss of information or capabilities of a system would have on the user communities and the mission of the organization. The resulting analysis is used as a basis for identifying appropriate and cost-effective countermeasures and to determine residual risk.
Attend the A&A Team Lead Training, Reviewer Introduction Training, Network Security Readiness Review (SRR) Course, and become ACP qualified in one SRR technology.
Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
Plans daily activities within the guidelines of company policy, job description and supervisor’s instruction in such a way as to maximize personal output.
Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and co-workers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions as the best of own ability.
Promotes and encourages a culture of compliance with all applicable rules (federal, state, local, Federal Acquisition Regulations, Code of Federal Regulations, Prime Contract requirements, etc.) for themselves and the company as a whole. Fosters an environment in which they will report any violations or reasonably suspected violation of CNI policy, FAR, and/or CFR and are comfortable discussing the myriad compliance, conflict, FAR, CFR, etc. issues that arise during the performance of a government contract.
EDUCATION/EXPERIENCE REQUIRED
Bachelor of Science (B.S.) or above, or equivalent combination of IT technical or cybersecurity Associates Degree and seven (7) years’ experience.
Experience with a Program in a Federal organization.
A demonstrated proficiency in Microsoft Windows/Office and Microsoft Project.
CERTIFICATES / LICENSES / REGISTRATION
Must possess a 8570 DOD IAM-III level certification which requires one of the following certifications: CISM, CISSP, GSLC, CCISO.
Must posses a Secret or Top Secret Clearance.
May be subject to a background investigation and must be able to meet the requirements to hold a government security clearance.
JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES
Excellent critical thinking skills with ability to identify, analyze and resolve problems / complex issues
Excellent verbal and written communications skills with ability to prepare quality reports and effectively communicate / interact with a wide variety of technical and non-technical audiences (i.e., customers, team members, management and federal staff)
Exceptional customer service skills with ability to respond to requests in a professional, helpful and timely manner
Highly organized with ability to effectively manage multiple projects and priorities
Ability to work in a fast-paced environment and to learn and apply new knowledge and techniques related to incident response and continuous monitoring capabilities
Ability to effectively work both independently and in a team environment for the successful achievement of goals
LANGUAGE SKILLS
Ability to read, analyze and interpret common scientific and technical journals, financial reports, and legal documents. Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community. Ability to write speeches and articles for publication that conform to prescribed style and format. Ability to effectively present information to top management, public groups, and/or boards of directors.
MATHEMATICAL SKILLS
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference and volume. Ability to apply concepts of basic algebra and geometry.
REASONING ABILITY
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
PHYSICAL DEMANDS
The physical demands described here are representative of those that must be met by an employee to perform successfully the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. Work is primarily performed in an office environment. Regularly required to sit. Regularly required use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers printers and light traffic.
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.
- The pay range for this role is $130K to $140K per annum, with the final offer amount dependent on location, skillset, and experience.
- CNI offers a comprehensive benefits package that includes:
- Medical
- Dental
- Vision
- 401(k)
- STD/LTD/AD&D
- Employee Assistance Program (EAP)
- Paid Time Off (PTO)
- Training and Development Opportunities
#INDCNI
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!