Security Control Assessor Representative (SCAR)

San Antonio, TX

Full Time | Clearance required | USD 140K - 170K

Dark Wolf Solutions

Dark Wolf Solutions operates at the nexus of mission and technology to meet our Nation’s most challenging missions. We combine the most innovative emerging technologies with...


Dark Wolf Solutions is seeking a Security Control Assessor Representative (SCAR) to conduct independent, comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within, or inherited by, an information technology (IT) system to determine the overall effectiveness of the controls. The SCAR will perform reviews of security artifacts for system authorizations, assessing both the technical and functional adequacy as required for application and software cybersecurity readiness. The SCAR candidate must have prior experience in authorizing tools/applications, systems, and/or enclaves. The role additionally requires knowledge of network security, technologies, processes, and practices designed for the prevention of damage to, protection of, and restoration of computers, communications systems, services, and various types of communications technologies. The SCAR candidate must be knowledgeable and proficient in assessing DoD GovCloud environments, to include testing controls and validating artifacts. A successful candidate will have a strong foundational understanding of NIST, DoD, and DAF cybersecurity-focused guidance. This position will be based out of San Antonio, TX with hybrid/remote opportunities. Additional responsibilities include:

Key Responsibilities:

  • Evaluating IT infrastructure in terms of risk to the organization and defining artifacts required to meet Federal, DoD and DAF requirements.
  • Assessing IT systems and architecture to ensure compliance with the Risk Management Framework (RMF), NIST Cybersecurity Framework (CSF), NIST 800-53 revision 5 and applicable guidance.
  • Supporting the system/application assessment and authorization (A&A) effort, to include assessing and guiding the quality and completeness of A&A activities, tasks and resulting artifacts mandated by governing DoD and AF policies, and applicable mandates.
  • Collecting, reviewing and verifying documented business processes within process narratives or flowcharts, identifying risks and validating proficiency of mitigating controls.
  • Reviewing risk and control matrices and testing plans for key controls and determining their effectiveness.
  • Identifying control gaps, reviewing and testing the design of existing controls.
  • Formulating clear and concise conclusions on internal controls and business process efficiency.
  • Recommending policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data.
  • Conducting risk and vulnerability assessments of installed information systems to identify vulnerabilities, risks, and protection needs.
  • Reviewing Plans of Actions & Milestones (POA&Ms).
  • Providing recommendations and reports to the Security Control Assessor (SCA), Authorizing Official (AO), and Chief Information Security Officer (CISO).
  • Reviewing network and systems design to ensure accuracy.
  • Ensuring the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services.

Required Qualifications:

  • 10 years of relevant Cyber experience
  • 5+ years of prior experience as a Security Control Assessor/Representative, RMF Engineer, ISSO, ISSM, and/or information assurance engineer
  • Cloud Platform experience with at least one service offering from AWS, Azure, or Google GCP 
  • Hands-on eMASS and/or Xacta experience completing full system lifecycle activities
  • Experience with Air Force risk management policies/procedures, to include DODI 8510.01 and AFI 17-101
  • Experience with Cloud Computing Security Requirements Guide (CC SRG)
  • Knowledge of the DoD DevSecOps Fundamentals Playbook
  • Experience evaluating information security compliance against STIGs
  • Ability to clearly articulate ideas
  • Strong technical writing abilities to author reports for AO and CISO dissemination
  • Exudes confidence in providing briefings, presentations, and in conducting/guiding meetings with senior leadership and stakeholders
  • Ability to use prior experience and knowledge to address new situations
  • B.A. or B.S. in Information Security, Computer Science, or a related discipline
  • US citizenship and a current Secret security clearance

Desired Qualifications:

  • Experience with Fast Track ATO Handbook & AF Continuous ATO Playbook
  • Familiarity with CI/CD Pipelines
  • DevSecOps experience
  • SharePoint, JIRA, Confluence familiarity

This position is located in San Antonio, TX. The estimated salary range for this position is $140,000.00 - $170,000.00, commensurate with experience and technical skillset.

We are proud to be an EEO/AA employer: Minorities/Women/Veterans/Disabled and other protected categories.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.


Tags: AWS Azure CI/CD CISO Clearance Cloud Compliance Computer Science Confluence DevSecOps DoD eMASS GCP IT infrastructure Jira Network security NIST NIST 800-53 Risk management RMF Security Clearance SharePoint STIGs Vulnerabilities

Region: North America
Country: United States
