SCA Cross Domain Solutions (CDS) Analyst
ARLINGTON, VA 3 (DARPA) - Arlington, VA, 22203
System High Corporation
Job Details
Job Location: ARLINGTON, VA 3 (DARPA) - Arlington, VA
Position Type: Contractor
Description
Security Control Assessor (SCA) - Cross Domain Solutions (CDS) Analyst
System High is looking for an experienced CDS Analyst to join our team. This role requires a deep understanding of information security principles, risk management frameworks (e.g., NIST Risk Management Framework (RMF)), and specific experience with CDS architectures, security controls, and evaluation methodologies. The SCA will analyze system configurations, review documentation, conduct testing, and provide recommendations to ensure the confidentiality, integrity, and availability of information traversing different security domains. The individual will work closely with system owners, developers, security engineers, and other stakeholders to identify vulnerabilities, assess compliance, and support the authorization process for CDS.
The CDS Analyst will perform the following responsibilities:
- Conduct Security Assessments: Plan, execute, and document comprehensive security control assessments of CDS, adhering to established standards, policies, and procedures (e.g., NIST SP 800-53A, CNSSI 1253).
- CDS Expertise: Demonstrate a strong understanding of CDS architectures, security mechanisms (e.g., filtering, inspection, data diodes), and evaluation methodologies specific to cross-domain data transfer.
- Classification Levels: Possess experience in assessing CDS operating at various classification levels (e.g., Unclassified, Secret, Top Secret, SCI, SAP) and understand the unique security requirements associated with each level.
- Risk Management: Identify and analyze security risks associated with CDS, determine the likelihood and impact of potential vulnerabilities, and recommend appropriate mitigation strategies.
- Documentation Review: Thoroughly review system security plans (SSPs), contingency plans, incident response plans, and other relevant documentation to ensure compliance with security requirements and generate security assessment reports (SARs).
- Testing and Validation: Perform security assessment testing, which may include vulnerability scanning, penetration testing, and security control validation, to identify weaknesses and verify the effectiveness of security controls.
- Reporting and Recommendations: Prepare clear, concise, and comprehensive security assessment reports that document findings, risks, and recommendations for remediation. Provide technical guidance to system owners and developers on implementing security controls and addressing vulnerabilities.
- Compliance: Ensure CDS comply with applicable security policies, standards, and regulations, including NIST publications, DoD directives, and other relevant guidelines.
- Collaboration: Collaborate effectively with system owners, developers, security engineers, and other stakeholders to facilitate the security assessment process and promote a strong security posture.
- Continuous Improvement: Stay informed of emerging security threats, vulnerabilities, and technologies, and contribute to the continuous improvement of security assessment methodologies and processes.
- Authorization Support: Support the authorization process for CDS by providing technical expertise, reviewing security documentation, and participating in security authorization working groups.
- Travel: May require occasional travel to support assessment activities at various locations.
Qualifications
Required Qualifications
- Education:
- A bachelor's degree in Computer Science, Information Security, or a related field; equivalent experience may be considered.
- Experience:
- Minimum of 10-15 years of experience in information security, with a focus on security assessment and authorization.
- Demonstrated experience assessing CDS is required.
- Experience with DoD DSAWG/ISRMC and/or DIA processes for authorizing a CDS is required.
- Experience working with various classification levels (e.g., Unclassified, Secret, Top Secret) is required; SCI and SAP are preferred.
- Experience with the NIST RMF is required.
- Certifications:
One or more of the following certifications is highly desirable:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Ethical Hacker (CEH)
- CompTIA Security+
- GIAC Security Certifications (e.g., GSEC, GCIA, GPEN)
- Technical Skills:
- Strong understanding of security principles, risk management frameworks, and security controls.
- Proficiency in conducting vulnerability assessments, penetration testing, and security control validation.
- Experience with security assessment tools and technologies (e.g., Nessus, Nmap, Metasploit).
- Familiarity with operating systems, networking protocols, and security architectures.
- Knowledge of security hardening techniques and best practices.
- Communication Skills:
- Excellent written and verbal communication skills, with the ability to effectively communicate technical information to both technical and non-technical audiences.
- Preferred Qualifications:
- Experience with specific CDS technologies and vendors (e.g., Everfox/Forcepoint, Owl Cyber Defense).
- Experience with cloud security assessments.
- Knowledge of security automation and orchestration tools.
- Familiarity with agile development methodologies.
Additional Information
- This job description is not designed to cover or contain all job duties required of the employee. There may be additional activities, duties and/or responsibilities that are required for this position that are not listed in this job description.
- In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
- System High is a Military friendly employer. Our extensive work on behalf of the U.S. government offers those who have served in uniform an opportunity to continue to serve their country in a new and exciting way while enjoying a successful civilian career.
- System High Corporation is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state, or local law.
- Equal opportunity legal notices can be viewed in the following PDFs: EEO is the Law; EEO is the Law Supplement; Pay Transparency Nondiscrimination
Warning: Beware of recruitment scams: System High will never request money or personal purchases during the hiring process. Verify all communications come from a systemhigh.com or msg.paycomonline.com email address.
Tags: Agile Automation CEH CISM CISSP Cloud Compliance CompTIA Computer Science Cyber defense DoD GCIA GIAC GPEN GSEC Incident response Metasploit Nessus NIST Nmap Pentesting Risk management RMF SAP Security assessment Security Assessment Report System Security Plan Top Secret Vulnerabilities
Perks/benefits: Career development Transparency