Job Description:
Dakota Consulting, Inc. is a growing company that provides innovative business, IT, scientific research, and cybersecurity services to federal and commercial customers. Dakota’s objective is to provide services that meet customers’ needs and exceed their expectations. Our core values include honesty, a commitment to exceptional customer service, and providing a respectful, fun, challenging, and learning place of employment. We actively recruit for dedicated, technically competent individuals and partners that are self-motivated while performing exceptionally well in a collaborative team effort. Dakota’s headquarters are in Silver Spring, MD.
Dakota is looking for a senior security control assessor (SCA) to join our team at CBP in Falls Church, VA. The candidate will perform security control assessment activities in accordance with National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) Step 4 and DHS 4300 A Sensitive Systems Handbook. Prior/Current DHS clearance, Top Secret or Secret Clearance required.

Job Functions
Security Control Assessments
Serve as team player for all assigned client security control assessment activities in accordance with agency defined processes and procedures
Develop and maintain the overall Security Assessment Plan Schedule used to forecast ST&E activities over the contract period of performance
Create comprehensive security assessment plans to include the Rules of Engagement (ROE) requirements for identified security controls following NIST 800-53A, FedRAMP guidance, and/or agency-specific guidance
Conduct security control assessment of low, moderate, and high impact federal information systems to include cloud service offerings in accordance with FedRAMP requirements.
Conduct vulnerability scans on OS platforms (Unix, Linux & Windows), Web Applications, DB platforms (Oracle, MS SQL) and Cloud Computing systems using vulnerability scanning tools to include Tenable Nessus, HP WebInspect, and Trustwave AppDetective
Produce complete, accurate, and timely findings reports via the agency’s IACS tool XACTA and defined SCA templates
Review existing security documents (e.g., system boundaries, PIA, SSP, RA, incident response, contingency plan, etc.) and perform quality gap analysis for improvements
Document NIST 800-53 security control compliance findings within Requirements Traceability Matrixes (RTMs) and Security Assessment Reports (SARs)
Perform POA&M Tracking and Remediation in the Agency database (Telos Xacta) based on Agency-specific guidance

Experience/Requirements
Active secret security clearance or higher. DHS or CBP background investigation highly desirable
At least 6 years’ experience:
With federal regulations and security compliance requirements for civilian federal agencies (FISMA, NIST 800 series, OMB A-130, FedRAMP, etc.);
Performing a range of cybersecurity activities: creation and update of SSPs, RAs, CPs, PIAs, etc.; and
Conducting security control assessments using NIST SP 800-53, including preparation of complete authorization packages
Six years of experience in conducting security control assessments using NIST SP 800-53, NIST SP 800-53A controls and/or DHS 4300 A guidance.
Two (2) years of experience conducting FedRAMP Readiness Assessments for FedRAMP cloud environments or knowledge of cloud security.
Effective verbal, written, and listening communications skills
Competence with all Microsoft Office products, e.g., Word, Excel, and Access
Expertise in technical security assessment techniques, tools, and practices
2 years or more of hands-on experience with vulnerability security scanning tools to include Nessus Tenable, WebInspect and AppDetective

Education / Certification Requirements
Bachelor’s Degree or equivalent experience in the IT security field
Desired Information Security Professional Certifications: CISSP, CISM, CISA, CAP, CEH, CCNA, etc.
Desired experience to include being a member of a certified FedRAMP 3PAO
Must be a US citizen or permanent resident and be able to obtain a successful background investigation by DHS or CBP


Client : Dakota Consulting, Inc.
