Is it time for a new and exciting job opportunity? Phacil, an employee-owned IT consulting company, is seeking a Risk Management Framework / Security Control Assessor for an important customer in McLean, VA. Join an amazing group of dedicated professionals and see the possibilities!
We bring service excellence and professional commitment, delivering quality service and ferocious execution to our Federal Government customers. We provide solutions in the areas of Information Assurance, Cyber Security, Artificial Intelligence, Software & Systems Engineering, Cloud & Managed Services, and Network Engineering. Join us by applying at www.phacil.com/careers/opportunities.
This is a hands-on Risk Management Framework (RMF) Technical Security Assessor / Analyst (SCA) position requiring intermediate knowledge of Tenable SCCV; Tenable Nessus Pro. and Mgr; Windows Server 2012/2016; Red Hat Linux; VMware; SQL Server; Oracle; and other administrative and security aspects of workstation and enterprise server technology. Support the technical scanning side of the Security Control Assessments of globally deployed departmental systems through hands-on execution of customer-supplied tools and best-practice techniques, including manual and automated verification scans against defined component baselines. Demonstrated knowledge of how to customize component baselines and edit Tenable .Audit files needs to be on your resume to qualify.
The SCA will assist with determining the security and configuration status of a variety of system components, including: system scanning; Linux and Windows operating systems; SQL Server and Oracle databases; system support components; and VMware implementations. There are also occasional “one-off” components requiring development of baseline security configurations, hence technical curiosity and a desire to learn and innovate are beneficial.
For Assessment & Authorization purposes, validate the components and configurations of departmental systems deployed both globally and domestically. Identify misconfigurations, non-compliances, and anomalies which are relevant to FISMA assessment practices. Coordinate system assessment and findings to the Security Analyst for inclusion in the Security Assessment Report and participate in findings meetings with relevant system stakeholders.
Using the NIST Risk Management Framework and the NIST 800-53 security control catalog, map system and configuration anomalies to specific NIST security controls, along with specific remediation. Write accurate, cogent and defensible descriptions of security configuration status as well as succinct and defensible suggested remediation.
Another DoD IAT level II or better Cert. may be used in place of above cert.
Note: Or the ability to acquire one of the above certs. within 60 days of hire.
Current List can be found at https://www.imgva.com/8570-requirements
Must be able to mentally envision and review between 800 and 1000 security controls per system, and then compose a report of the nonstandard settings; job aids are available. Must also have the ability to assess two or more systems as time permits and prioritize the work assigned.