Security Control Assessor (SCA), Level 3 (Government) Job
Job Description Job Attributes+
OAKTON, VA, US
AT&T Global Public Sector is a trusted provider of secure, IP enabled, cloud-based, network solutions and professional services to the Federal Government. We are dedicated to recruiting, developing and empowering a diverse, high-performing workforce that is passionate about what they do, committed to our shared values and dedicated to our customers’ mission.
Our National Security Team supports the intelligence community, providing, operating and assuring critical voice, video and collaboration services for the full spectrum of operations. The services required by this contract will assist OS&CI in providing the NRO a secure mission environment. The contractor shall provide realistic, innovative information security solutions to accomplish the requirements in addition to program management. The services obtained under this contract shall provide expertise to support information systems security, security control assessments, information assurance engineering, and security control assessments test engineering.
AT&T has an opening for a Security Control Assessor (SCA), Level 3 to support the National Security Sector, in providing subject matter expertise supporting and participating in independent assessment activities as part of the Risk Management Framework (RMF) Assessment and Authorization (A&A) process within the NRO. Personnel will be responsible for auditing all entries and artifacts within the A&A database as well as conducting Red/Blue team tests to determine system readiness for their ATO packet submissions.
- Review information systems for compliance with applicable DCID. lCD. and NRO directives and guidance. and make recommendations to the USG;
- Provide JS security advice and guidance in accordance with applicable DCJD, lCD, and NRO directives and guidance to Government and industry partners for the protection of data at all classification levels including SCI;
- Provide IS technical guidance and support in preparing responses for USG approval to A&A questions asked by Government and industry partners;
- Evaluate and recommend approval, disapproval, or waiver(s) for JS processing national security data at industry and/or Government facilities;
- Support NRO Security’s development and implementation of directives and guidance for NRO Information Assurance, Information Technology, and Information Management policies;
- Provide input to NRO for consideration in the promulgation of future NRO IS security policy;
- Support and/or conduct site visits and assessments to inspect and verify IS reports and plans at industrial and Government locations as approved by the cognizant COTR or site Government Point of Contact (GPOC), and provide a written report for review and approval by the Government;
- Prepare reports and memoranda, to include, but not limited to: Memoranda for the Record (MFR), Memoranda of Agreement (MOA), Authorization To Proceed, and status and technical briefs for review and approval by the Government;
- Update data and maintain Government-provided databases with current information about Government and industry IS status and representative contact information;
- Prepare, review, and record notification and status messages to indicate A&A state of systems to system owner or programs in a format approved by the Government;
- Ensure that appropriate IS security requirements including applicable DCID, lCD, and NRO directives and guidance are addressed and applied and that appropriate documentation is prepared by the system owners or programs. The documentation will be contained in the Security Assessment Package, including, but not limited to the Concept of Operations (CONOPS) Plan, System Security Plans, System Requirements Traceability Matrix, Risk Management Matrix, Test Results, interface control documents, requests for changes. test plans, and other related program security documentation;
- Track completion of the Security Assessment Report (SAR);
- Support the preparation of the SAR, including, but not limited to, the Summary of Assessment results and Authorization Recommendation;
- Review, coordinate, and respond to IS security issues as requested by the Government;
- Provide A&A support to the Government thr the protection of special programs and tactical operations related activities.
Active TS/SCI, with Poly (#polygraph)
- Candidates must have a bachelor’s degree or higher and 5 years of experience that can be a combination of work history and education. This equates to master’s and 3 years, bachelor’s and 3 years, Associates and 7 years or HS and 7 years.
- Must meet minimum requirements for DoD 8570 IAM Level 2 certification requirements.
- Practical experience performing information systems assessment and authorization (A&A) as defined in applicable ICDs and guidance;
- Practical experience performing the processes involved in developing and implementing security related directives and guidance for Information Assurance, Information Technology, and Information Management;
- Practical experience utilizing risk management strategies for information technology solutions;
- Technical understanding of emerging technologies and their implementation within Government system and network environments;
- Knowledge of information technology concepts used in the evaluation of security performance and integrity of state-of-the-art applications, communications systems, hardware, software, satellite control systems, and information processing systems;
- Technical understanding of information technology systems, software, and networks;
- Ability to effectively coordinate A&A activities of industry and Government information systems to meet acquisition milestone requirements; and
- Effective technical report and general correspondence writing ability.
- Ability to manage and track systems or programs involved in the A&A process.
- Experience developing and implementing security related directives and guidance for Information Assurance, Information Technology, and Information Management; and
- Experience working with a mixed skill level team to ensure that appropriate knowledge and skill transfer occurs.
AT&T is an Affirmative Action/Equal Opportunity Employer and we are committed to hiring a diverse and talented workforce. EOE/AA/M/F/D/V