    RMF Expert SCA Lead - Reston, United States - Pueo Business Solutions

    Job Description

    Pueo is known for bringing the best talent and unique tools to every opportunity. Pueo's Parliament (aka workforce) is composed of professionals who are seeking the opportunity to work in a small business with a flat organization that thrives on career development and independence. In support of mission and professional growth, our Parliament has supported the development of multiple patents, proprietary tools, and applications as well as trademarked processes.

    Our flat organization emphasizes career development across multiple career environments (at the member's own pace) and ensures those who contribute broadly are properly rewarded. Pueo has four career environments where every member of the parliament can participate. Each environment has opportunities available for all levels. Opportunities are framed by an employee's desires and capabilities, and we ensure challenges, growth, and unique experiences are available for employees at all levels.

    Our Career Environments (Program, Functional, Service, and Leadership) provide numerous opportunities for employees to invest in their personal growth and those things that offer fulfillment. We invest in helping our members create and execute their career development plans. Our Pods (small teams of 5 or fewer) are composed of personnel with similar skillsets to ensure mentorship, understanding, and peer support.

    Role: Pueo has an opportunity for an experienced TS/SCI cleared SCA Lead to join our team in Reston, VA. The SCA Lead is responsible for leading evaluations and ensuring the effectiveness of security controls within an organization. Their administrative and team managerial functions are key to success. Their technical functions encompass a range of tasks aimed at assessing, testing, and validating security measures to identify vulnerabilities and enhance overall security posture.

    Responsibilities:

    • Works with senior members of the client organization to ensure that overall program and project direction, strategy and expectations are met.
    • Possesses the ability to understand DIA's CIO mission and the impact of managerial practices.
    • Facilitates discussions and analysis to inform the decision process.
    • Offers expertise in the form of knowledge, specialty skills, experience, or creativity.
    • Have a firm understanding of IC and DOD Risk Management Frameworks, continuous monitoring, risk scoring, and risk management experience.
    • Act as a high-level assessor able to help all the Security Control Assessors (SCAs) on the RMF Team with their assessments and assessment report reviews prior to submission to the government.
    • SME in one or more of the following specialties: cloud and systems architectures, security architecture, cloud applications and storage, high performance computing, and software development.
    • Has solid interpersonal skills and a desire to see the team succeed.
    • Mentor to junior Security Control Assessors.
    • Security Documentation Review: Review security documentation, including policies, procedures, guidelines, and technical documentation, to assess alignment with security requirements and industry standards. Ensure documentation accurately reflects implemented security controls and practices.
    • Risk Assessment and Mitigation: Conduct risk assessments to identify and prioritize security risks based on their likelihood and impact. Collaborate with stakeholders to develop risk mitigation strategies and action plans to address identified vulnerabilities.

    Security Controls Testing:

    • Conduct rigorous technical testing of security controls across various domains such as access control, cryptography, network security, and incident response. Use automated tools, manual techniques, and specialized testing methodologies to identify weaknesses and vulnerabilities,
    • Manage security controls assessments including kickoff, submission of deliverables, final report, and executive briefing,
    • Conduct controls assessments of existing security measures and identify areas for improvement,
    • Lead assessment interviews, testing, and coordinate evidence requests,
    • Conduct audits to ensure that security controls are implemented correctly and operating effectively,
    • Monitor and evaluate a system's compliance with security, resilience, and dependability requirements,
    • Perform security reviews and identify security gaps in architecture resulting in recommendations for inclusion in the risk management strategy,
    • Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations through the development of POA&Ms,
    • Vulnerability Scanning and Analysis: Perform vulnerability scans using automated scanning tools to identify potential security flaws in systems, networks, and applications. Analyze scan results, prioritize vulnerabilities based on risk, and provide recommendations for remediation.
    • Security Configuration Review: Review and analyze security configurations for systems, devices, and applications to ensure compliance with security policies, standards, and best practices. Identify misconfigurations, weaknesses, and deviations from security baselines.
    • Security Control Validation: Validate the effectiveness of implemented security controls through rigorous testing and validation procedures. Verify that controls are functioning as intended and providing adequate protection against security threats and vulnerabilities.

    Security Reporting and Communication: Prepare comprehensive assessment reports detailing findings, observations, recommendations, and remediation actions. Communicate assessment results to technical and non-technical stakeholders, including senior management, IT teams, and auditors.

    • Produce quality deliverables in a timely fashion as defined by the client,
    • Prepare metrics and reports for management on the status of IT Compliance objectives,
    • Produce documentation and diagrams as needed,
    • Represent the Information Security Team by participating directly with projects and provide guidance, requirements and documentation for security related purposes when requested,
    • Evaluate, document and maintain standards, processes and procedures relative to security and privacy,
    • Provide insightful recommendations to improve security posture.

    Continuous Improvement Initiatives:

    • Participate in continuous improvement initiatives aimed at enhancing the effectiveness and efficiency of security assessment processes,
    • Identify opportunities for automation, optimization, and enhancement of assessment methodologies and tools.

    Knowledge Sharing and Training:

    • Share knowledge and expertise with team members through training sessions, workshops, and mentoring activities,
    • Stay updated on emerging threats, vulnerabilities, and trends in cybersecurity to continuously improve assessment practices.

    Qualifications:

    • An active TS/SCI clearance with the ability to obtain a CI Poly,
    • 10 years of cyber-security related experience or the equivalent combination of professional support, education, or professional training,
    • 5 years minimum as a Security Controls Assessor (SCA),
    • Bachelor's degree from an accredited institute in an area applicable to the position in Cybersecurity, Computer Science, Software Engineering, Systems Engineering, Information Systems, or a related technical discipline.
    • Certification in DoD M Cybersecurity workforce, compliance with DoD Directive 8140 Cyberspace Workforce Management, and IAT Level III (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP),
    • Strong independent work ethic,
    • Exceptional oral and written communication skills,
    • Ability to work unsupervised and lead others,
    • Focuses on the consistent execution and updating of organizational processes and procedures to drive RMF efforts, Continuous Monitoring (ConMon), and POA&M efficiencies,
    • Able to meet deadlines and manage multiple projects,
    • Able to build and foster strong working relationships,
    • Able to present information on technical subjects in an understandable manner in both oral and written form,
    • Able to take ownership of a project through the life cycle,
    • Able to work independently, self-motivated,
    • Proficient computer skills required, experience using Microsoft applications (Word, Excel, PowerPoint, Visio and Outlook),
    • Excellent communication and organizational skills.

    Pueo is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. Pueo takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.

    Job Posted by ApplicantPro
