"Alerted.org

Job Family** **:

Technology Consulting

Travel Required** **:

Up to 25%

Clearance Required** **:

Active Top Secret SCI with Polygraph

What You Will Do** **:

The SCA advises key stakeholders, such as the Program Office, Data Owner, and Authorizing Official/Delegated Authorizing Official, concerning the security categorization and impact levels for confidentiality, integrity, and availability of the information on a system. The SCA conducts a comprehensive assessment of the security controls employed within or inherited by an Information System (IS) to determine their overall effectiveness and submit the Body of Evidence (BoE), composed of the System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and draft Authorization to Operate (ATO) Letter, to the Authorizing Official (AO) or Delegated Authorizing Official (DAO) for review and authorization decision.

This role is responsible for supporting RMF assessment efforts. As an expert Security Controls Assessor with expertise in cloud infrastructure possesses specialized skills in evaluating the security controls of systems hosted in cloud environments. Their technical functions encompass a range of tasks aimed minimizing risk while also ensuring the integrity, confidentiality, and availability of data within the domain. Here are the technical functions typically associated with this role:

+ Support the Assessment and Authorization (A&A) Risk Management Framework (RMF) for client-managed systems, networks, and enclaves across security domains.

+ Validate and review security documentation, ensuring accuracy and compliance with regulatory standards.

+ Advise ISSOs on security categorization and control selection (RMF Steps 1 and 2) and conduct Technical Exchange Meetings (TEMs) with security professionals.

+ Develop test reports, assessment artifacts, and Plan of Action and Milestones (POA&Ms) to document findings and oversee resolution efforts.

+ Perform Security Test and Evaluation (ST&E) assessments, ensuring compliance with DoDIIS security standards.

+ Review system specifications, security needs, and vulnerabilities.

+ Develop security assessment documentation, including System Security Plan (SSP), Security Assessment Report (SAR), and draft Authorization to Operate (ATO) letters.

+ Conduct security assessments using automated tools and manual techniques to evaluate vulnerabilities across domains such as access control, cryptography, network security, and incident response.

+ Perform vulnerability scans, analyze findings, and recommend remediation strategies.

+ Conduct penetration testing, web application security testing, wireless network assessments, and social engineering exercises.

+ Validate security configurations for compliance with policies and industry best practices.

+ Assess regulatory compliance (e.g., GDPR, HIPAA, PCI DSS, SOX) and develop risk mitigation strategies.

+ Prepare detailed assessment reports and communicate findings to stakeholders.

+ Contribute to continuous improvement initiatives for security assessment methodologies and tools.

+ Share cybersecurity knowledge through training, mentoring, and staying updated on emerging threats and trends.

+ Develop and implement automated security assessment and monitoring solutions.

+ Design and maintain security architectures for cloud and on-premise systems.

+ Perform secure code reviews and static/dynamic application security testing (SAST/DAST).

+ Support security engineering efforts in implementing security controls and integrating security solutions within enterprise environments.

+ Conduct forensic analysis and incident response investigations to identify and mitigate security threats.

+ Develop security automation scripts and tools to streamline security assessment processes.

What You Will Need** **:

+ An ACTIVE and MAINTAINED TOP SECRET/SCI federal security clearance with a Counterintelligence (CI) polygraph

+ Bachelor's degree

+ Certification in DoD 8570.01-M Cybersecurity workforce, compliance with DoD Directive 8140 Cyberspace Workforce Management, and IAT Level III (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP).

+ FIVE (5) or more years' experience cybersecurity

What Would Be Nice To Have** **:

+ Focus on the consistent execution and updating of organizational processes and procedures to drive SCA efforts.

+ Preferred experience with briefing Senior Executive personnel.

+ Solid experience conducting cyber security assessment of complex cloud systems.

+ Solid experience with technologies such as Cloud, Data Encryption, Data Storage.

+ Have a good understanding of the Intelligence Community (IC) and DIA.

+ Have solid knowledge of networking technologies and protocols.

+ Have solid knowledge of NIST Risk Management Framework, DoD, IC Cyber Security controls for Cross Domain Solutions.

What We Offer** **:

Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

+ Medical, Rx, Dental & Vision Insurance

+ Personal and Family Sick Time & Company Paid Holidays

+ Position may be eligible for a discretionary variable incentive bonus

+ Parental Leave and Adoption Assistance

+ 401(k) Retirement Plan

+ Basic Life & Supplemental Life

+ Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts

+ Short-Term & Long-Term Disability

+ Student Loan PayDown

+ Tuition Reimbursement, Personal Development & Learning Opportunities

+ Skills Development & Certifications

+ Employee Referral Program

+ Corporate Sponsored Events & Community Outreach

+ Emergency Back-Up Childcare Program

+ Mobility Stipend

About Guidehouse

Guidehouse is an Equal Opportunity Employer–Protected Veterans, Individuals with Disabilities or any other basis protected by law, ordinance, or regulation.

Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.

If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at [email protected] . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.

All communication regarding recruitment for a Guidehouse position will be sent from Guidehouse email domains including @guidehouse.com or [email protected] . Correspondence received by an applicant from any other domain should be considered unauthorized and will not be honored by Guidehouse. Note that Guidehouse will never charge a fee or require a money transfer at any stage of the recruitment process and does not collect fees from educational institutions for participation in a recruitment event. Never provide your banking information to a third party purporting to need that information to proceed in the hiring process.

If any person or organization demands money related to a job opportunity with Guidehouse, please report the matter to Guidehouse’s Ethics Hotline. If you want to check the validity of correspondence you have received, please contact [email protected] . Guidehouse is not responsible for losses incurred (monetary or otherwise) from an applicant’s dealings with unauthorized third parties.

_Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee._