The Swift Group is seeking an experienced Security Control Assessor (SCA) to join our team. This candidate will be responsible for evaluating the security posture of our systems and infrastructure, ensuring compliance with relevant frameworks and standards, and identifying vulnerabilities to mitigate potential risks effectively. The ideal candidate will have a strong background in cybersecurity, extensive experience with compliance and vulnerability scanning tools, and a deep understanding of assessment and authorization processes. This position is located in Bethesda, MD.
Required Qualifications: 3+ years of cybersecurity experience with at least one year of experience conducting SCAs under ICD 503/CNSSI 1253 NIST Cybersecurity Framework, Risk Management Framework (RMF), or a similar frameworkAt least 1 year of experience as a Security Control Assessor (SCA) within the past 3 calendar yearsDemonstrated hands-on experience with compliance and vulnerability scanning tools (XACTA, RedSeal, Nessus, Splunk, McAfee ePO, and/or other vulnerability scanners)Possess a strong understanding of the Assessment and Authorization (A&A) processOne full year supporting cloud environment and experience performing security assessments in a cloud environment (AWS, Google, IBM, Azure, and Oracle)Must meet Department of Defense (DOD) 8570.01-M baseline certification requirement for Information Assurances Technical (IAT) Level III CASP+CE, CCNP Security, CISA, or CISSP or Associate, GCED, GCIH, or CCSPPossess knowledge of Independent Verification & Validation (IV&V) of security controlsPossess knowledge of general attack strategies (e.g., MITRE ATT&CK Framework)Demonstrated knowledge of NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other ICDs as appropriateAbility to make recommendations to the IC CISO or designee for improving TTPS for better cyber threat protectionKnowledge of network access, identity, and access management e.g. public key infrastructure (PKI)Knowledge of network protocols such as Transition Control Protocol/Internet Protocol (TCP/IP), Dynamic Host Configuration, Domain Name System (DNS), and directory ServicesHigh School DiplomaUS Citizenship and an active TS/SCI with Polygraph security clearance requiredDesired Qualifications: Demonstrated experience writing final reports and defend all findings, including risk or vulnerability, mitigation strategies, and referencesReport vulnerabilities identified during security assessmentsExperience writing penetration testing Rules of Engagement (ROE), Test Plans, and Standard Operating Procedures (SOP)Demonstrated experience conducting security reviews, technical research and provided reporting to increase security defense mechanismsThe Swift Group is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.
#J-18808-Ljbffr
