 *Emails without an attached resume will be ignored

 

               

 

Security Control Assessor (SCA) Level III


In support of the Department of Homeland Security’s Cyber Security Division under the newly
created Cyber and Infrastructure Security Agency, Bespoke Technologies, Inc. provides
specialized security services to support the Department’s critical cyber programs. The National
Cybersecurity Protection System (NCPS), also known as the EINSTEIN set of capabilities, is an
integrated system of intrusion detection, analytics, intrusion prevention, and information sharing
capabilities that defend the federal executive branch civilian government’s IT infrastructure from
cyber threats. The Enhanced Cybersecurity Services (ECS) program is a key avenue through
which DHS fulfills its mission to protect U.S.-based public and private entities from
cybersecurity threats. ECS provides intrusion prevention capabilities that help U.S.-based
companies protect their computer systems against unauthorized access, exploitation, and data
exfiltration.

In support of these efforts, our Security Control Assessor will:

  • Perform and lead Risk Management Framework (RMF) assessments, authorizations, and monitoring steps for systems following NIST and ICD 503 standards and best practices.

  • Work in close coordination with all system stakeholders. Create and maintain existing information system security documentation, including System Security Plan (SSP), Security Controls Matrix and/or Assessment, and Security Configuration Guide (controlled changes to the system).

  • Develop or modify implementation and design documents describing how security features are implemented. Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions.

  • Perform host, network, cloud, and application-based security control assessments. Create security policies and maintain existing information system security documentation.

  • Conduct comprehensive assessment of the management, operation, and technical controls to determine overall effectiveness of controls.

  • Conduct periodic and continuous reviews of the system to ensure compliance with the authorization package.

  • Be responsible for elements of physical and environmental protection, personnel security, incident handling, and security training and awareness, and ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures.

  • Participate in the change management process, including reviewing Requests for Change (RFC) and assisting in the assessment of a potential change's security impact.

  • Conduct daily, weekly and monthly audit review and management of the audit collection system.

  • Continuously review and evaluate vendor, security, and business best practices for implementing a comprehensive audit program.

  • Remain sensitive to security infractions and assist in security investigations and responses as requested.

  • Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage.

Required Skills:

  • Bachelor’s degree required and 10 years of experience applying RMF, 800-53 and Government IT security frameworks

  • Knowledge of IT audits, including conducting technical security compliance tests and vulnerability assessments.

  • Knowledge of Government security requirements for access control

  • Demonstrated ability to use MS Office Suite to include Word, PowerPoint, and Excel.

  • Superior communication skills, both written and oral.

  • US Citizenship

  • A U.S. Government TS/SCI Clearance

Desired Skills:

  • Certifications in at least one of the following such as SCP, Cisco Certified Network Associate (CCNA)-Security, GIAC Security Essentials Certification (GSEC), Certified Information Systems Auditor (CISA), GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED), CISSP, CompTIA Advanced Security Practitioner (CASP) or comparable

  • Advanced degree in Computer Science, Cyber Security, Mathematics, or Engineering is highly desirable.

  • DHS Suitability and experience
