Security Control Assessor (SCA) NF5

Company: MCCS

Location: Quantico, VA 22134

Description:

Job Summary

Marine Corps Community Services (MCCS) is looking for the best and brightest to join our Team! MCCS is a comprehensive program that supports and enhances the quality of life for Marines, their families, and others in the Marine Corps Community. We offer a team-oriented environment comprised of military personnel, civilian employees, contractors and volunteers who keep the organization functioning smoothly and effectively. As a service-oriented organization, we never waver in our commitment to our Corps.

Major Duties

The Security Control Assessor (SCA) conducts independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness across MCCS. Advises Chief Information Office (CIO), Authorization Official (AO) and other stakeholders on risks associated with technology acquisition, maintenance and deployments and provides recommendations for initial or continued operation for the AO's consideration. Collaborates with other technology professionals to include cyber security, operations, cloud, business applications, project management office, etc.

Scope Of Responsibilities
  • Develop and maintain a comprehensive security assessment and monitoring program in-line with MCCS Mission and business objectives. Manage and approve accreditation packages.
  • Conduct security reviews, identify security gaps and develop a comprehensive risk management plan. Conduct risk analysis (e.g., threats, vulnerabilities, and probability of occurrence) whenever an application or system undergoes a major change.
  • Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
  • Provide input to the Risk Management Framework (RMF) process activities and related documentation.
  • Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each technology solution.
  • Provide guidance regarding remediation and mitigation of identified vulnerabilities. Review remediation actions based on the findings and recommendations and perform reassessment of remediated controls.
  • Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers, etc.).
  • Verify that security configurations are implemented as stated; document deviations and recommend actions to correct those deviations.
  • Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risks.
  • Determine the level of residual risk based on the overall effectiveness of the security program and provide authorization recommendations to the Authorization Official (AO).
  • Ensure that plans of actions and milestones (POA&M) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
  • Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
  • Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
  • Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.

Skills and Knowledge
  • Strong interpersonal and communication skills (verbal and written) with the ability to relate to people at all levels in the organization. Strong team leadership/collaborative leadership skills.
  • Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts, both internal and external to the organization, to leverage analytical and technical expertise.
  • Comfortable managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.
  • Able to identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
  • Able to relate strategy, business, and technology in the context of organizational dynamics.
  • Understands technology, management, and leadership issues related to organization processes and problem solving.
  • Able to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
  • Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
  • Ability to dissect a problem and examine the interrelationships between data that may appear unrelated.
  • Ability to ensure security practices are followed throughout the acquisition process.
  • Knowledgeable in applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledgeable in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • Able to troubleshoot and diagnose cyber defense infrastructure anomalies and work through resolution.
  • Proficient in applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Qualifications

Bachelor's degree in information technology or business-related field appropriate to the work of position AND ten years of experience performing cyber security roles at the State or Federal level. Meet both training and certification requirements for becoming an SCA for USMC including a current CISSP certification OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above.

Knowledge of DoD, DON and Marine Corps policy and process directives applicable to the development and administration of cybersecurity architecture, risk management framework, and cyberspace operations.

Knowledge of risk management processes, secure configuration management techniques, Government laws and policies, cyber threats and vulnerabilities, encryption algorithms, host/network access control mechanisms, vulnerability information dissemination sources, Payment Card Industry (PCI) data security standards, Personally Identifiable Information (PII) data security standards and incident response and handling practices.

Skill in applying and reviewing security controls and conducting application vulnerability assessments, interpreting vulnerability scanner results, assessing cloud security measures and microservices, and preparing Test & Evaluation reports. Experience with Security Content Automation Protocol (SCAP) content and Security Technical Implementation Guide (STIG) based tools for benchmark, compliance checks, and security configuration reviews.

As an authorized and privileged user of Department of Defense Information Systems, the incumbent must fulfill the requirement to complete DoD Workforce Improvement Program certification (DoD 8570.01-M) as a condition of access within six months of employment.

This position has been determined as Moderate Risk. As a condition of employment, the incumbent must be able to obtain and maintain an Access National Agency Check and Inquiries (ANACI/Tier 3) Secret Clearance to access classified information.

Eligible for telework as determined by MR/MF policy.

How To Apply

All applications must be submitted online via the MCCS Careers website: https://careers.usmc-mccs.org

Resumes/applications emailed or mailed will not be considered for this vacancy announcement. Resumes submitted with pictures will not be considered. To be considered for employment, the application or resume must be submitted online by 11:59 PM (ET) on the closing date of the announcement.

Note: To check the status of your application or return to a previous or incomplete application, log in to your MCCS user account and review your application status.

Closing Statement

GENERAL INFORMATION: Applicants are assured of equal consideration regardless of race, age, color, religion, national origin, gender, GINA, political affiliation, membership or non-membership in an employee organization, marital status, physical handicap which has no bearing on the ability to perform the duties of the position. This agency provides reasonable accommodations to applicants with disabilities. If you need a reasonable accommodation for any part of the application and hiring process, please notify the agency. The decision on granting reasonable accommodation will be on a case-by-case basis.

It is Department of Navy (DON) policy to provide a workplace free of discrimination and retaliation. The DON No Fear Act policy link is provided for your review: https://www.donhr.navy.mil/NoFearAct.asp.

As part of the employment process, Human Resources Division may obtain a Criminal Record Check and/or an Investigative Consumer Report. Employment is contingent upon the successful completion of a National Agency Check and Inquiries (NACI). For all positions requiring access to firearms or ammunition, the Federal Government is prohibited from employing individuals in these positions who have ever been convicted of a misdemeanor crime of domestic violence, or a felony crime of domestic violence adjudged on or after 27 November 2002. Selectees for such positions must submit a completed DD Form 2760, Qualification to Possess Firearms or Ammunition, before a final job offer can be made.

Direct Deposit of total NET pay is mandatory as a condition of employment for all appointments to positions within MCCS.

Required Documents:

*Education/certification certificate(s), if applicable.

*If prior military, DD214 Member Copy

This activity is a Drug-free workplace. The use of illegal drugs by NAF employees, whether on or off duty, cannot and will not be tolerated. Federal employees have a right to a safe and secure workplace, and Marines, sailors, and their family members have a right to a reliable and productive Federal workforce.

Involuntarily separated members of the armed forces and eligible family members applying through the Transition Assistance Program must submit a written request/statement (may be obtained from the MCCS Human Resources Office) and present ID card with "TA" stamped in red on front of card.

INDIVIDUALS SELECTED FROM THIS ANNOUNCEMENT MAY BE CHANGED TO PART-TIME OR FULL-TIME AT MANAGEMENT'S DISCRETION WITHOUT FURTHER COMPETITION.

ALL ONLINE APPLICATIONS MUST BE RECEIVED BY 1159PM EASTERN TIME (ET) ON THE CLOSING DATE LISTED IN THE JOB POSTING.