Security Control Assessor - Intermediate with Security ...
Excentium, Inc. - Springfield, VA
Job Description

Security Control Assessor - Intermediate

Excentium, Inc. is a Service-Disabled Veteran owned small business that provides Cyber Security Engineering, Information Assurance (IA), management, Certification and Accreditation (C&A), and other IT services to government and commercial organizations. We have an opportunity for a Security Control Assessor - Intermediate supporting our corporate needs in the Springfield, VA area.

MINIMUM CLEARANCE LEVEL: TS/SCI (CI poly required)
CITIZENSHIP: US Citizenship
LOCATION: Springfield, VA

Position Description:
The Security Control Assessor (SCA) will conduct and document a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system; determine the overall control effectiveness through documentation review, inspections, testing, and interviews; provide an assessment of the severity of weaknesses or deficiencies and recommend corrective actions to address identified vulnerabilities; provide initial mitigation of Cybersecurity incidents, support incident investigations, and closure of the incident; and provide assessment of proposed technology (hardware, software, and firmware) for Cybersecurity vulnerabilities.

Responsibilities:
* Analyze the security of new or existing computer applications, software, or specialized utility programs and provide actionable results.
* Apply coding and testing standards, apply security testing tools including "fuzzing" and static-analysis code scanning tools, and conduct code reviews.
* Apply secure code documentation.
* Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.
* Develop threat models based on customer interviews and requirements.
* Consult with engineering staff to evaluate the interface between hardware and software.
* Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.
* Identify basic common coding flaws at a high level.
* Identify security implications and apply methodologies within centralized and decentralized environments across the enterprise's computer systems in software development.
* Identify security issues around steady-state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.
* Perform integrated quality assurance testing for security functionality and resiliency against attack.
* Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
* Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
* Store, retrieve, and manipulate data for analysis of system capabilities and requirements.
* Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.
* Perform penetration testing as required for new or updated applications.
* Consult with customers about software system design and maintenance.
* Direct software programming and development of documentation.
* Supervise and assign work to programmers, designers, technologists and technicians, and other engineering and scientific personnel.
* Analyze and provide information to stakeholders that will support the development of a security application or modification of an existing security application.
* Analyze security needs and software requirements to determine feasibility of design within time and cost constraints and security mandates.
* Conduct trial runs of programs and software applications to ensure that the desired information is produced, and instructions and security levels are correct.
* Develop secure software testing and validation procedures.
* Develop system testing and validation procedures, programming, and documentation.
* Perform secure program testing, review, and/or assessment to identify potential flaws in code and mitigate vulnerabilities.
* Determine and document software patches or the extent of releases that would leave software vulnerable.
* Conduct vulnerability scans and recognize vulnerabilities in security systems.
* Design countermeasures to identified security risks.
* Develop and apply security system access controls.

Required Qualifications:
* Qualified candidates must have one of the following IAM Level-3 certifications:
  * CISM
  * CISSP (or Associate)
  * GSLC
  * CCISO
* Candidates must have 4 or more years of experience in the validation of security configuration of operating systems.
* Must have 2 or more years of experience applying the Risk Management Framework (RMF) as described in the National Institute of Standards and Technology Special Publications.
* Must meet the Cyber IT/Cybersecurity Workforce (CSWF) Security Control Assessor (612), Intermediate Level, for SECNAV M-5239.2 compliance. (See Navy Cool Website)
* Travel Requirements: Travel approximately 30% annually.
* Education: Bachelor's degree from an accredited University; or Certification: Certified Authorization Professional (CAP); or Cisco Certified Network Associate (CCNA) Routing and Switching; or CompTIA Security+ ce

Desired Qualifications:
* Strongly desired: experience with application of the Defense Information Systems Agency (DISA) Security Technical Implementation Guides.
* Operating System/Computing Environment certificate for Windows Server 2012 or newer, or UNIX (Linux (Red Hat), Solaris).
* Experience with vulnerability scanners.
* Documented (certificate) RMF training provided by the Intelligence Community or DoD SAP community.
* Experience with assessing security-relevant applications.
* Experience with Cross Domain Solutions (CDS).

Excentium, Inc. is an equal opportunity employer. Excentium offers a competitive salary and comprehensive benefits package, including medical, dental, life, disability, 401k, and paid time off. We take pride in building a workforce with a strong Veterans focus.
Created: 2025-11-15