Pueo Business Solutions LLC

Security Controls Assessor (Cross Domain Solutions)

Pueo Business Solutions LLC, Herndon, Virginia, United States, 22070


Overview

The Cross Domain Solutions (CDS) Security Controls Assessor (SCA) conducts a comprehensive assessment of the security controls employed within or inherited by a CDS Information System (IS) to determine their overall effectiveness. It submits the Body of Evidence (BoE), composed of the System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and draft Authorization to Operate (ATO) Letter, to the Authorizing Official (AO) or Delegated Authorizing Official (DAO) for review and authorization decision. The SCA also advises key stakeholders, such as the Program Office, Data Owner and Authorizing Official/Delegated Authorizing Official concerning the security categorization and impact levels for confidentiality, integrity, and availability for the information on a CDS system.

Responsibilities

Support the Assessment and Authorization (A&A) Risk Management Framework process for all client managed systems, networks, and enclaves (all security domains); ensure validity and accuracy review of all associated documentation; support remote sites when required.
Advise ISSOs on categorization and selection of security controls (RMF steps 1 and 2) and conduct Technical Exchange Meetings (TEMs) where they collaborate with other security professionals.
Communicate finding impacts through presentations and written deliverables.
Stay up to date with the latest trends and technologies related to IC policy to continuously refine security inspection protocols.

Required Qualifications

Expert knowledge and hands-on experience with RMF, NIST 800-series guidelines, FIPS, Security Assessment & Authorization (SA&A) requirements and processes, Continuous Monitoring Framework experience and its tools, Plan of Action & Milestones (POA&M) policies, and vulnerability/patch management.

Expert with documenting and/or reviewing security materials such as System Security Plans (SSP), Security Assessment Reports (SAR), Security Assessment Plans (SAP), and other documents per NIST 800 guidelines.

Knowledge of Cross Domain Solutions (CDS) including but not limited to:
Evaluating the security controls of systems that handle the transfer of information between different security domains or levels of classification, ensuring integrity, confidentiality, and availability of data.
CDS Architecture Review: in-depth reviews of CDS architecture, data flows, data isolation, data filtering, and boundary protection.
Security Policy Analysis: analyze policies, guidelines, and regulations governing cross-domain information transfers; ensure compliance with government regulations, industry standards, and organizational policies.
Security Controls Assessment Planning: develop assessment plans with objectives, scope, methodologies, and success criteria.
Data Diode and Guard Evaluation; Data Filtering and Sanitization Testing; Interoperability Testing; Cross Domain Access Control Review; Security Incident Response Testing; Security Documentation Review; Security Risk Assessment; Compliance Assessment.

Skills: Strong interpersonal and communication skills to interact with stakeholders and team members. Experience with interpreting/combing compliance and vulnerability scanning tool reports (e.g., XACTA, STIGS, ACAS, PRISMA, Splunk, Trellix HBSS) or similar tools. Some experience leading security projects and initiatives; team player with collaboration experience in mixed technical teams.
Educational/Experience: Master's degree with 12+ years of total experience/equivalent certifications. Master's degree may be substituted with a bachelor's degree and 5+ years of additional experience/equivalent certifications (total of 13+ years).

Certifications: IAT-III or Maintain IAT Level III Certification (DoD 8570.01-M and DoD Directive 8140). CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP.

Clearance

Top Secret Security Clearance with SCI eligibility and ability to pass CI Poly.

Job Posted by ApplicantPro

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Other, Information Technology, and Management

Industries

Business Consulting and Services
