Independent Assessor with Security Clearance
Rampant Technologies
2024-11-10 07:56:05
Chantilly, Virginia, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Job Title: Independent Assessor
Department: Security Services Delivery - Independent Assessors Team
Reports To: Principal Engineer - Independent Assessor
Grade/Labor Category Level: Level II Individual Contributor
Job Location: Virginia - Herndon/Chantilly/Fairfax
I. Company Summary
Rampant employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At Rampant, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. Rampant is an Equal Opportunity Employer.
II. Job Summary
A Rampant Technologies Independent Assessor (IA) is a key resource that is a part of the Rampant team reporting to the Principal Engineer overseeing the IA team to deliver innovative Cyber Security solutions that are in alignment with the company's goals and customer missions. The IA will be tasked to execute against Contract level programs/projects/sub-projects that are within their immediate supervising PE's contract portfolio and/or to matrixed sister contracts managed by other PEs.
The IA position assists the Principal Engineers (PE) on their assigned Contracts with the planning, support, and implementation of existing and new contracts, and helps assess opportunities for expansion of existing business and/or identify net new opportunities.
Key Measures of successful performance for IA Level II:
o Contract measure - per contract, on-time delivery of assigned tasks that meet the contract scope, standards, and stated deadlines per each contract/project assignment (barring no documented delays or scope constraints imposed outside of the individual contributor's span of control).
o Functional measure - annually renews key certifications associated with job description and actively engages in at least 1 training program per year that supports the job/mission.
o Company measure - consistently demonstrates the company's Core Values - PRIORITIZING QUALITY & PROFESSIONALISM, INNOVATION AND EVOLUTION, DEMONSTRATING INTEGRITY, WE EXIST TO ASSIST - OPS IS TOPS, AND CONTINUOUS IMPROVEMENT
III. Essential Duties & Responsibilities
Functional Responsibilities - IA Level II:
Performs problem identification, diagnosis, and resolution of problems
Develops best practices for processes and standards that will better the organization
Performs testing and evaluation of Security Controls
Evaluating A&A documentation and other Body of Evidence (BOE)
Performs security requirements analysis
Researches and analyzes data for vendor products and Commercial off-the-shelf (COTS) components
Identify and evaluate threats and vulnerabilities
Provide recommendations to remediate threats and vulnerabilities
Contributes to detailed analysis on assessment and generates findings in a Security Assessment Report (SAR)
Conducts peer review of Security Assessment Reports (SAR)
Review and recommend new Plans of Actions and Milestones (POAMs)
Contract/Project Support Responsibilities:
Assist PE with Customer Relationship & Account Management (relationship building and Issues escalation/remediation)
Assist PE with Contract/Program/Project Execution & Monitoring
o Critically evaluate information gathered from multiple sources; reconciling conflicts in information gathered.
o Knowledge exchange with newly assigned team members
o Timely delivery against Tasking - technical work as assigned, contract documentation, quality reviews, etc.
o PE may also designate a Level II or III MN3 Individual Contributor IA to act as a project lead to assist with larger scale efforts (status reporting, act as primary point person on tasking that requires deliverables from multiple team members, etc.).
o Tasking Status as defined by contract and/or PE - performs written check-ins/status and participates in all contractually obligated status per contract and/or the Principal Engineer's guidelines (Zoom/Conference Calls and/or onsite as needed if different from normal office location)
o Provides timely feedback to Contract level PE if encountering challenges within a project that will impact delivery and ensures both your direct manager/PE and matrixed Contract PE are aware of any schedule outages (time off/training)
o Contract escalation resolution - within the internal contract team and within customer as necessary
Assist PE and Founders with the identification of upsell opportunities w/in existing contracts as well as identifying new lead generation. As warranted, assist with RFI/RFPs necessary to garner new work.
When assigned/matrixed to contracts outside of assigned PE supervisor's portfolio of projects - ensure lines of communication stay open with both the Contract Manager and immediate supervisor/PE.
Team Aligned Responsibilities:
Peer Mentoring - assist PEs with constructive coaching and mentorship to more junior team members learning new components of their job.
Remaining focused on mission/top priorities as assigned
Participation in annual self-evaluations
Adherence to the company's core values, priorities and mission
Continued focus and interest in development of skills that benefit the individual contributor and the company's mission.
IV. Key Skills, Education & Experience
Bachelor's degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline. Five (5) years of ISSE experience may be substituted for a bachelor's degree.
Minimum of eight (8) years' relevant experience in cybersecurity (or compatible technology concentration) with two (2+) years of direct experience in the same level/grade for like role
Should have performed in a project/tasking lead role in at least three (3) Cybersecurity initiatives.
Experience managing direct reports in previous projects and/or companies is preferred
IA Techno functional knowledge of/experience in:
o Demonstrated experience with NIST 800-53A, Rev. 4, NIST SP 800-37, ICD 503 and common vulnerabilities and exposures, DISA STIGs, strong familiarity with FISMA, RMF, and other information security-related federal guidelines.
o Knowledge of Windows, Red Hat, Solaris, and UNIX based operating systems
o Knowledge of Cisco, Juniper, and other network and firewall iOS
o General understanding of networking devices - routers, switches, load balancers, firewalls
o General understanding of network management tools - HP Network Automation (HPNA), Network Node Manager i (NNMi), IP Address Management (IPAM), etc.
Recognizes and incorporates various security designs and lessons learned
Follow industry trends and developments to ensure engineering security services are consistent with, and/or superior to, industry best practices
Ability to articulate business and technology needs/constraints to both technical and non-technical project team members and end users alike.
Strong oral communication skills, including the ability to effectively interact with all levels of a contract team
Strong written communications skills, including the ability to produce clear and concise recommendations, assessments, specifications, and integration plans.
Hands on experience and proficiency with the full Microsoft Office Suite and tools such as Microsoft Project, Microsoft Visio
Experience working in a matrixed environment
Self-starter/motivator and having a proactive and strategic mindset are a must
Interacts with all levels of the company and its customers/partners with patience, courtesy, diplomacy, and professionalism
V. Certifications & Credentials
Must have certifications (certifications with indicate willing to hire if certification is within 3-6 months of finalizing):
o Active TS/SCI w/ Poly clearance required
o MUST meet DoD 8570 IAT Level III requirements
o IAT Level II Certifications (CISSP or equivalent)
Nice to have certifications:
o Certified Expert Independent Assessor (CEIA) or equivalent Assessor certification
o Certified Ethical Hacker (CEH)
o CompTIA PenTest+
VI. Additional Responsibilities:
Performs other duties as assigned.
Adheres to other performance measures as assigned during contract assignments and annual goals alignment.
VII. Language Skills
All output, communications, materials will be generated in English.
VIII. Physical Demands
Predominantly stationary
Travel