Security Control Assessor – MD

Company Description
A Sea of Choices – One Solution
There are almost as many IT security firms as there are organizations in need of their guidance. The big names boast decades of experience and a global reputation; the smaller names promise personalized work experience with lean operations.

We know there are a lot of firms vying for you. So why choose MindPoint Group?

MindPoint Group – The IT Security Job You’ve Been Looking For
At MindPoint Group, we specialize in one thing: IT security. In fact, our singular focus and reputation as cyber security specialist have earned us roles as trusted advisors to key government decision makers where we help shape IT security policy, engineer innovative security solutions, and support security operations.

At MindPoint Group, we hire only the most driven, most qualified IT security professionals, and we equip them with the tools and resources they need to deliver success. We are profoundly invested in selecting the right people to join our team and are equally driven to retain them for the long term. And so, when we find the right fit, we make it work. We offer challenging, growth-oriented assignments. Our collaborative culture unites our staff. And we reward employees with a competitive and exceptional benefits package.

Company Mission
MindPoint Group’s is deeply committed to our mission to become a trusted partner by consistently delivering proven, on point services to our clients. We strive to provide an organizational culture that fosters innovation, technical excellence, dedication to repeatable processes, and attention to detail. We believe that by empowering our employees to excel and providing them with the means to do so, MindPoint Group will consistently exceed our customers’ expectations.

Job Description
MindPoint Group is seeking a Security Control Assessor (SCA) who will be directly responsible for ensuring our client staff have a positive and productive working relationship with other client Components and or external agencies as applicable. The Security Control Assessor is responsible for knowing all applicable mandates, how and where these mandates tie into client agency orders, policies, instructions, standards, handbooks and guides, as well as the impact of the security requirements on Component systems and mission. The Security Control Assessor will oversee Component IT security activities and compliance, as well as provide hands-on assistance as appropriate to ensure Component success. In addition, the Security Control Assessor is directly involved in supporting the client in various audit activities while serving as the liaison between the auditors, Components, and the Department. Tasking includes:

Develop and provide all documentation necessary for performing a Security Control Assessment.
Security Control Assessment Plan (SCAP), Scanning Authorization Requests, Access Requests, Security Assessment Results (SAR), Security Technical Results, and other ad hoc system specific documentation as specified by the government
Ensure that system access required for testing is acquired at least 30 days prior to Security Assessment start date and remains for at least 6 months post-assessment to accommodate any additional follow-on testing.
Be proficient at testing, analyzing and interpreting Security Assessment Results for all systems, including but not limited to the following platforms.
Microsoft Server 2003/2008/Other, Microsoft SQL Server, Oracle DB, Windows XP, 7, Solaris / AIX / UNIX / Linux, Pervasive DB, Mobile Devices, Mainframes, Routers/Switches/Firewalls, Printers/Faxes/Multi-Function Devices, Cold fusion / PHP / ASP, Websphere / JAVA
Conduct both Full and Ad Hoc assessments
Review the controls that support the Requirements Traceability Matrix (RTM) and the details of the Security Plan (SP) to determine completeness and accuracy.
Ensuring accuracy of the assets identified within the system, ensuring the assets are being properly tested within Security Center 4 or other related tool as required by the client and that the monthly testing results are accurate and proper credentials have been provided in order to yield accurate results, and identify any rogue assets that should be within the system boundary.
Follow and abide by the SCA Standard Operating Procedure (SOP) that is provided by the client.
Provide Security Assessment Results to meet client requirements and standards, which will include at a minimum the following documents: SAR, RTM, and a detailed technical results document as stipulated by the client upon Security Assessment completion.
Assist with the interpretation and analysis of Security Assessment Results upon completion of each Security Assessment and/or as requested to assist with post-assessment questions, to assess the vulnerability and risk to the system and to the customer or other connected systems.
Functional Responsibilities:

The candidate may perform any or all of the following: Performs security audits, evaluations, and risk assessments of complex operational systems and facilities and provides recommendations for remediating detected vulnerabilities; conduct security and internal control reviews of sensitive systems. The candidate conducts specific technical reviews to support non-standard operational requirements and systems. Conducts security assessments, security authorizations and assesses technology to ensure that security vulnerabilities are identified and remediated.

Minimum 6 years of general work experience and 3 years of relevant experience in functional responsibility.
Top Secret clearance
Bachelor’s Degree
Candidates should be well-versed in risk management and must have experience working with SDLC, and performing security tasks throughout.
Experience and working understanding of FISMA compliance, experience conducting all phases of Certification and Accreditation (C&A) and creating documentation in accordance with NIST guidance.
Understanding and experience with CSAM is a PLUS.
Candidate should have strong analytical and organizational skills.
Candidate should have concise writing skills, excellent MS Word skills as well as other MS Office Applications.
Personnel shall be well versed with NIST publications, OMB circulars and memorandum, and CNSS publications and their requirements and impact on system security.

Additional Information
All your information will be kept confidential according to EEO guidelines.


. . . . . . . .

Leave a Reply