Security Control Assessor IV w/ active TS/SCI Polygraph in Chantilly, VA at General Dynamics Information Technology

Date Posted: 6/29/2020

Job Description

General Dynamics IT is seeking an experienced Security Control Assessor to provide information security Assessment & Authorization (A&A) support throughout the program’s lifecycle. The Security Control Assessor (SCA) is the Information Assurance (IA) Independent Validation and Verification (IV&V) role in the Risk Management Framework (RMF) workflow.

In this important role, you will apply in-depth system security knowledge and skills to provide Assessment & Authorization (A&A) support throughout a system's lifecycle. You will conduct full and partial assessments of security controls implemented on customer-owned and sponsored Information Systems, enhance IS security awareness of Directorates & Offices' staff, ensure proper IS security resources are appropriately applied, and act as IS liaison between the Directorates & Offices and the Government. You will perform all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction, and participate in special projects as required.

**Position requires an active in-scope TS/SCI clearance and polygraph.**

BA/BS – Bachelor's degree relevant to computer engineering, information security, information management, and/or computer science preferred and 10 years of relevant experience (information technology security, information systems security, information assurance engineering), or HS + 15 years' experience.

Employees must possess and maintain, or obtain within six months from their arrival date, required IAM Level III compliant certifications (CISSP / CISM / GSLC) or higher.

Responsibilities:

  • Review information systems for compliance with applicable DCID, ICD, and directives and guidance
  • Provide IS security advice and guidance in accordance with applicable DCID, ICD, and directives and guidance to Government and industry partners for the protection of data at all classification levels including SCI
  • Provide IS technical guidance and support in preparing responses for USG approval to A&A questions asked by Government and industry partners;
  • Evaluate and recommend approval, disapproval, or waiver(s) for IS processing national security data at industry and/or Government facilities
  • Support development and implementation of directives and guidance for Information Assurance, Information Technology, and Information Management policies
  • Provide input for consideration in the promulgation of future IS security policy
  • Support and/or conduct site visits and assessments to inspect and verify IS reports and plans at industrial and Government locations as approved by the Government, and provide a written report for review and approval by the USG;
  • Prepare reports and memoranda, to include, but not limited to: Memoranda for the Record (MFR), Memoranda of Agreement (MOA), Authorization To Proceed, and status and technical briefs for review and approval by USG;
  • Update data and maintain Government-provided databases with current information about Government and industry IS status and representative contact information.
  • Prepare, review, and record notification and status messages to indicate A&A state of systems to system owner or programs in a USG approved format.
  • Ensure that appropriate IS security requirements including applicable DCID, ICD, and directives and guidance are addressed and applied and that appropriate documentation is prepared by the system owners or programs. The documentation will be contained in the Security Assessment Package, including, but not limited to the Concept of Operations (CONOPS) Plan, System Security Plans, System Requirements Traceability Matrix, Risk Management Matrix, Test Results, interface control documents, requests for changes, test plans, and other related program security documentation;
  • Track completion of the Security Assessment Package and report status;
  • Support the preparation of the Security Assessment Report (SAR). The SAR contents include, but are not limited to, the Summary of Assessment results and Authorization Recommendation;
  • Review, coordinate, and respond to IS security issues as requested by the Government;
  • Perform short term (less than 90 days) CONUS and OCONUS travel to conduct site security inspections when approved by the Government;
  • Provide A&A support to the Government for the protection of special programs and tactical operations related activities.
  • Participate in special projects as required.

Minimum 5 years' relevant experience and in-depth information system security knowledge/skills to include:

  • Ability to simultaneously manage and track multiple large scale systems or programs involved in the A&A process.
  • Practical experience performing information systems assessment and authorization (A&A) as defined in applicable DCID and ICD directives and guidance
  • Practical experience performing the processes involved in developing and implementing security related directives and guidance for Information Assurance; Information Technology; and Information Management
  • Practical experience utilizing risk management strategies for information technology solutions
  • Technical understanding of emerging technologies and their implementation within Government system and network environments;
  • Knowledge of information technology concepts used in the evaluation of security performance and integrity of state-of-the-art applications; communications systems; hardware; software; satellite control systems; and information processing systems
  • Technical understanding of information technology systems; software; and networks
  • Ability to effectively coordinate A&A activities of industry and Government information systems to meet acquisition milestone requirements
  • Effective technical report and general correspondence writing ability
  • Ability to manage and track systems or programs involved in the A&A process.
  • Experience developing and implementing security related directives and guidance for Information Assurance, Information Technology, and Information Management
  • Experience working with a mixed skill level team to ensure that appropriate knowledge and skill transfer occurs
  • Desired education relevant to computer engineering, information security, information management, and/or computer science; and
  • Desired experience in technical project management.

At GDIT, our 'People First' culture commits to every employee feeling valued and supported throughout their career.  Our comprehensive Total Rewards package – including programs focused on financial, physical, emotional and social well-being – demonstrates this commitment.

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.