Security Control Assessor

Overview

On Site
Full Time
No Travel Required

Skills

Security Assessment Report
Security Assessment and Authorization
Monitoring
Compliance
Security+
CAP
CISSP
CEH
Software and Hardware

Job Details

Description:

Business Operational Concepts (BOC) is a recognized leader in providing Technical and Program Management Services, Information Technology, and Support.

BOC has enabled their Government and Commercial clients to achieve their organizational initiatives through the application of high quality, innovative, and cost-effective professional services and solutions. We provide a positive working environment, with opportunities for advancement in our growing Federal sector workforce.

We offer an excellent compensation package which includes a generous salary, insurance (medical, dental, etc.), paid leave, 401k plan and more. We are committed to the diversity we bring to the marketplace and believe customer satisfaction comes first.

JOB SUMMARY:

Business Operational Concepts (BOC) is currently seeking a Security Control Assessor to work with our government client. The selected candidate will conduct independent, comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by the client's IT system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37 and NIST SP 800-53A).

DUTIES AND RESPONSIBILITIES:

* Provide expert security advice and recommendations to manage identified risks.

* Plan, develop, and conduct security testing of management, operational, and technical controls. Analyze and assess results based on risk to the client's information systems.

* Participate in internal and external reviews, inspections, and audits to ensure compliance with federal laws and the client's security policy.

* Conduct risk assessments to identify and mitigate risk to IT systems, facilities, and critical assets.

* Evaluate and assess network security configurations and recommend corrective actions to mitigate identified deficiencies.

* Create Security Assessment Reports and deliver test results to system stakeholders.

Requirements:

QUALIFICATIONS:

Required (Minimum) Qualifications: Education, Certification, Experience, and Skills

* Security+

* Certified Authorization Professional (CAP)

* Certified Information Systems Auditor (CISA)

* Basic understanding of computer and networking technologies:

* TCP/IP stack

* Windows operating systems

* Linux/Unix-based operating systems

* Networking technologies (routing, switching, VLANs, subnets, firewalls)

* Common networking protocols (SSH, SMB, SMTP, FTP/SFTP, HTTP/HTTPS, DNS, etc.)

* Common enterprise technologies (Active Directory, Group Policy, VMware vSphere)

* Moderate understanding of IT security principles, technologies, best practices, and NIST guidance:

* Logical Access Control

* PKI and other encryption methods

* DISA STIG security configuration baselines

* Auditing

* Vulnerability discovery and management

* NIST SP 800-53 Rev. 4 controls

* Excellent communication skills. Ability to communicate with senior management and federal client staff, both technical and non-technical, in a clear and concise manner using proper spelling, punctuation, and grammar.

* Mastery of federal IT security laws, policies, regulations, and requirements, such as the Federal Information Security Management Act (FISMA); Executive Orders and Presidential Decision Directives such as EO 13556, HSPD-12, and OMB Memos M-06-16 and M-07-16; the NIST 800 series; and the federal IT security and incident reporting hierarchy.

* Knowledge and experience in categorizing systems per current NIST guidelines, defining system boundaries and identifying minimum and supplementary security controls to protect sensitive and critical IT systems.

* Knowledge and experience with the Risk Management Framework (RMF), Assessment and Authorization (A&A), System Security Plan (SSP) development, and conducting audits of security controls.

* Knowledge and experience protecting the confidentiality, integrity, and availability of sensitive and critical information systems.

* Knowledge and experience performing network security vulnerability assessments.

* Knowledge and experience with all areas of the System Development Lifecycle (SDLC) of IT systems.

Preferred Qualifications: Education, Certification, Experience, Skills, Knowledge, and Abilities

* Minimum of 2 years of experience as a cyber security assessor and/or ISSO

* Bachelor's degree or higher in information technology or an information security-related field

* Interest in security/hacking culture. Ability to think like an attacker.

* Some proficiency with cloud computing offerings (cloud systems, SaaS, IaaS, PaaS).

* Familiarity with Cloud Service Providers (CSPs) and basic cloud deployment models

* Certifications of interest:

* Certified Information Systems Security Professional (CISSP)

* Microsoft Certified Solutions Associate (MCSA)

* Red Hat Certified System Administrator (RHCSA)

* Certified Ethical Hacker (CEH)