Security Control Assessor with Security Clearance

---

Job description

Location: Bethesda, MD Clearance: Active TS/SCI w/ Polygraph needed to apply Company Overview: Cornerstone Defense is the Employer of Choice within the Intelligence, Defense, and Space communities of the U.S. Government. Realizing early on that our most prized assets are our employees, we continually focus our attention on improving the overall work/life experience they have supporting the mission. Our Team is pushed every day to use their industry leading knowledge to provide end-to-end solutions to combat our nation's toughest and most secure problems. If you are looking for a place to not only be professionally challenged, but encouraged and supported by a company that cares, don't look any further than Cornerstone Defense. Position Description: Bachelor's degree in computer engineering, Computer Science, Electrical Engineering, Information systems, Information Technology, Cybersecurity, or a closely related discipline. • Four years of additional demonstrated work experience in Security Control Assessor (SCA) and Defensive Cyber Operations (DCO)Testing will be accepted in lieu of a bachelor's degree. • A Master's degree in an applicable discipline be substituted for three years of demonstrated work experience Three (3) years of cybersecurity experience with at least one year of experience conducting SCAs under ICD 503/CNSSI 1253 NIST Cybersecurity Framework, Risk Management Framework (RMF), or a similar framework. One full year of SCA experiences within the last three calendar years. One full year supporting cloud environment and experience performing security assessments in a cloud environment (AWS, Google, IBM, Azure, and Oracle). Must meet Department of Defense (DOD) 8570.01-M baseline certification requirement for Information Assurances Technical (IAT) Level III CASP+CE, CCNP Security, CISA, or CISSP or Associate, GCED, GCIH, or CCSP. Knowledge of Independent Verification & Validation (IV&V) of security controls. Knowledge of general attack strategies (e.g., MITRE ATT&CK Framework). Knowledge of NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other ICDs as appropriate. Skill in conducting vulnerability scans and recognizing vulnerability in security systems (e.g., Cloud Environments) ASW, Google, IBM, Azure, and Oracle. Other Requirements: Make recommendations to the IC CISO or designee for improving TTPS for better cyber threat protection. Knowledge of system and application security threats and vulnerabilities. Knowledge of network access, identity, and access management e.g. public key infrastructure (PKI). Knowledge of network protocols such as Transition Control Protocol/Internet Protocol (TCP/IP), Dynamic Host Configuration, Domain Name System (DNS), and directory Services. Ability to assess the robustness of security systems and designs. Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Three years of experience performing security assessments in a cloud computing environment. Strong writing skills. Write final reports and defend all findings, including risk or vulnerability, mitigation strategies, and references. Report vulnerabilities identified during security assessments. Write penetration testing Rules of Engagement (ROE), Test Plans, and Standard Operating Procedures (SOP). Conducted security reviews, technical research and provided reporting to increase security defense mechanisms. Travel Domestic and International Travel 0-25%. Position Description: Bachelor's degree in computer engineering, Computer Science, Electrical Engineering, Information systems, Information Technology, Cybersecurity, or a closely related discipline. • Four years of additional demonstrated work experience in Security Control Assessor (SCA) and Defensive Cyber Operations (DCO)Testing will be accepted in lieu of a bachelor's degree. • A Master's degree in an applicable discipline be substituted for three years of demonstrated work experience Three (3) years of cybersecurity experience with at least one year of experience conducting SCAs under ICD 503/CNSSI 1253 NIST Cybersecurity Framework, Risk Management Framework (RMF), or a similar framework. One full year of SCA experiences within the last three calendar years. One full year supporting cloud environment and experience performing security assessments in a cloud environment (AWS, Google, IBM, Azure, and Oracle). Must meet Department of Defense (DOD) 8570.01-M baseline certification requirement for Information Assurances Technical (IAT) Level III CASP+CE, CCNP Security, CISA, or CISSP or Associate, GCED, GCIH, or CCSP. Knowledge of Independent Verification & Validation (IV&V) of security controls. Knowledge of general attack strategies (e.g., MITRE ATT&CK Framework). Knowledge of NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other ICDs as appropriate. Skill in conducting vulnerability scans and recognizing vulnerability in security systems (e.g., Cloud Environments) ASW, Google, IBM, Azure, and Oracle. Other Requirements: Make recommendations to the IC CISO or designee for improving TTPS for better cyber threat protection. Knowledge of system and application security threats and vulnerabilities. Knowledge of network access, identity, and access management e.g. public key infrastructure (PKI). Knowledge of network protocols such as Transition Control Protocol/Internet Protocol (TCP/IP), Dynamic Host Configuration, Domain Name System (DNS), and directory Services. Ability to assess the robustness of security systems and designs. Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Three years of experience performing security assessments in a cloud computing environment. Strong writing skills. Write final reports and defend all findings, including risk or vulnerability, mitigation strategies, and references. Report vulnerabilities identified during security assessments. Write penetration testing Rules of Engagement (ROE), Test Plans, and Standard Operating Procedures (SOP). Conducted security reviews, technical research and provided reporting to increase security defense mechanisms. Travel Domestic and International Travel 0-25%.

<!– job description page –>