Senior Security Controls Assessor; SCA

Senior Security Controls Assessor (SCA)

nDepth Security, LLC – Columbia, MD

• Conducting verification and validation for security compliance of all information systems, products, and components.
• Analyzing design specifications, design documentation, configuration practices and procedures, and operational practices and procedures.
• Providing identification of non‑compliance of security requirements and possible mitigations to requirements that are not in compliance.
• Validating the security requirements of the information system.
• Verifying and validating that the system meets security requirements.
• Providing vulnerability assessments of the system.
• Coordinating penetration testing.
• Providing a comprehensive verification and validation report (assessment report) for the information system.
• Providing process improvement recommendations.
• Assisting the customer to draft standards and guidelines for usage.
• Conducting on‑site evaluations.

• Twelve years of related work experience (a Bachelor’s Degree in Computer Science or IT Engineering may be substituted for four years of experience).
• Experience in security or system engineering in five or more areas, including: telecommunications concepts, operating systems, databases/DBMS, middleware, applications, web‑servers, SANS/Netaps, Active Directory, firewalls, and controlled interfaces;
  DoD 8570‑1M Change 2 IAT Level III or IAM Level III requirements, including certification in an operating system such as Linux/Unix or Windows; the desired Windows certification is the Microsoft Certified Information Technology Professional (MCITP).
• Must be a U.S. citizen.
• Must be fully cleared with FS poly.

• Strong presentation, report writing, and customer interface skills.
• Familiarity with various operating systems such as Microsoft Windows, various versions of UNIX (AIX, Solaris, HPUX, etc.), and Linux.
• Detailed knowledge of TCP/IP and other major protocols (e.g. NetBEUI, NETBIOS, IPX/SPX) and the inherent weaknesses of the protocols.
• Understanding of “hacking” methodology concerning performance of vulnerability assessments.
• Ability to describe a system’s avenues of compromise in a network environment and differentiate between various types of network attacks.
• An understanding of a typical secure topology and architecture for a site connected to the Internet (e.g., routers, firewalls, web servers).
• Understanding of how to read and interpret a network diagram and identify possible security‑related concerns.
• Ability to keep a robust security skill set current and to work on multiple projects concurrently.
• Previous instructor‑led training experience and developing classroom lectures and material to facilitate in‑person and online learning activities.
• Experience with Learning Management Systems (LMS) such as Moodle, Canvas, and Blackboard.