Security Control Assessor Test Engineer, Level 3 (Government)

Chantilly, VA 20151
AT&T Global Public Sector is a trusted provider of secure, IP-enabled, cloud-based network solutions and professional services to the Federal Government. We are dedicated to recruiting, developing and empowering a diverse, high-performing workforce that is passionate about what they do, committed to our shared values and dedicated to our customers' mission.


Our National Security Team supports the intelligence community, providing, operating and assuring critical voice, video and collaboration services for the full spectrum of operations. The services required by this contract will assist OS&CI in providing the NRO a secure mission environment. The contractor shall provide realistic, innovative information security solutions to accomplish the requirements in addition to program management. The services obtained under this contract shall provide expertise to support information systems security, security control assessments, information assurance engineering, and security control assessments test engineering.


AT&T has an opening for a Security Control Assessor Test Engineer (SCATE), Level 3 to support the National Security Sector by providing subject matter expertise in support of, and participating in, independent assessment activities as part of the Risk Management Framework (RMF) Assessment and Authorization (A&A) process within the NRO. Personnel will be responsible for auditing all entries and artifacts within the A&A database as well as conducting Red/Blue team tests to determine system readiness for their ATO packet submissions.


Job Duties/Responsibilities:


+ Ability to conduct technical testing and evaluation of NRO and Intelligence Community (IC) systems. Tests and evaluations are conducted to ensure all IT technical security requirements are fulfilled in accordance with ICD 503 and the NRO's Risk Management Framework (RMF) process.

+ Assist Program Offices in conducting assessments of the systems they build, referred to as Dry Run testing, providing Independent Verification and Validation (IV&V) testing of the system (Step 4 in the RMF process).

+ Assist in participating in DNI IC community test events, such as DNI's IC Information Technology Environment (ICITE), Commercial Cloud Services (C2S), and the National Security Agency (NSA) GovCloud.

+ Conduct reviews that ensure that all applicable security controls are included and have test cases. The test cases shall be vetted to ensure they are complete and actually test the control to which they are mapped.

+ Ability to test systems that have one (1) High in any of the three (3) ICD 503 categories (Confidentiality, Integrity or Availability) (C-I-A) and an SCA request for ISCB support shall require that ISCB witness the execution of the program's Certification Test Plan (CTP). Additionally, some systems not meeting this threshold might, at management direction, require CTP witnessing. The skill set shall include the ability to conduct both blue and red team internal and external testing of target systems.

+ Ability to test systems that have two (2) Highs in any of the three (3) ICD 503 categories (Confidentiality, Integrity or Availability) (C-I-A) shall require that VRIB witness the execution of the program's Certification Test Plan (CTP) and undergo a Penetration Test event. Additionally, some systems not meeting this threshold might, at management direction, require Full Testing. The skill set shall include the ability to conduct both blue and red team internal and external testing of target systems.

+ Ability to conduct penetration testing on systems, as determined by management direction.

+ Ability to conduct software review requests (S/WRRs), which consist of researching open source information to ensure that software proposed for use on any enterprise mission systems does not have any security concerns that cannot be mitigated.

+ Ability to support Corporate Product List (CPL) reviews. VRIB conducts security reviews for items prior to addition onto the CPL. These reviews shall consist of a search of open source information to ensure any hardware or software being proposed for acquisition and inclusion on any enterprise or mission systems does not have any security concerns that cannot be mitigated.

+ Ability to conduct In-Depth product reviews. These reviews shall test the requested hardware or software for security vulnerabilities. Product reviews shall include in-depth research into the product as well as hands-on testing. The incumbent will design, document and run the test event. Upon completion of the test event the incumbent shall generate a test report.

+ Ability to operate and maintain the customer test labs and environments as well as reconfigure these environments to support applicable test events.


Required Clearance:

Active TS/SCI, with Poly (#polygraph)


Required Qualifications:


+ Candidates must have a bachelor's degree or higher and 8 years of experience that can be a combination of work history and education.

+ This equates to bachelor's or higher and 8 years, Master's and 5 years, Associate's and 12 years, or HS and 15 years.

+ Requires CEH as a minimum, and must have a DoD 8570 compliant IASAE I certification (i.e., CASP+ CE, CISSP (or Associate), CSSLP) within 6 (six) months of hire.


Desired Qualifications:


+ ICD 503 and the Government's certification and accreditation process

+ Networks, computer components, system protocols, and COTS technology

+ System methodologies including client/server, web hosting, web content servers, policy servers, directory servers, firewalls, WAN, MAN, LAN, switches, and routers

+ Software integration of COTS and Government Off-the-Shelf (GOTS) products

+ Windows, Linux, Unix, and Mac OS X administration;

+ VMware, Xen, Hyper V and other virtualization platforms.

+ Configuring and supporting Windows, Linux, Unix, Mac OS, and other operating systems

+ Configuring and supporting VMware, Xen, Hyper V and other virtualization platforms

+ Software engineering

+ Program design and implementation

+ Configuration management

+ System maintenance

+ Integration testing

+ Information system engineering

+ Penetration testing and analysis

+ System certification activities and efforts related to system certification and accreditation;

+ Research, development, integration, and distribution of IS security tools and associated documentation;

+ Security procedures for systems and software within area of expertise to ensure consistent security policy implementation;

+ Education relevant to computer engineering, information security, information management, and/or computer science; and

+ Experience in technical project management.


AT&T is an Affirmative Action/Equal Opportunity Employer and we are committed to hiring a diverse and talented workforce. EOE/AA/M/F/D/V
We expect employees to be honest, trustworthy, and operate with integrity. Discrimination and all unlawful harassment (including sexual harassment) in employment are not tolerated. We encourage success based on our individual merits and abilities without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability, marital status, citizenship status, military status, protected veteran status or employment status.

Posted: 2020-10-28 Expires: 2020-11-27
