Security Control Assessor

at SAIC in Augusta, Maine, United States

Job Description


SAIC is seeking a Security Control Assessor in support of the Department of Health and Human Services (HHS) cybersecurity mission to ensure HHS can actively protect the vital health information with which it is entrusted, respond to existing and emerging cybersecurity threats, and continue to enhance the program to ensure HHS has the capability and capacity to respond to new and emerging requirements, technologies and threats.

The SCA will provide Security Control Assessment services, which could include physical security walkthroughs, control assessments, technical vulnerability analysis, and PIV Card Issuance Facility (PCIF) assessments. Services will be performed in accordance with NIST and agency and departmental policy and guidance. The SCA will provide these security control assessment services for Federal agencies that utilize HHS’ fee-for-service Enterprise Security Systems (ESS) program.


+ Plan and/or perform security controls assessments for ESS customer systems in accordance with NIST SP 800-53 and NIST SP 800-53A, using ESS processes, guidance and methods to support the customer’s authority to operate process, or its annual assessment process. Activities could include control assessment (Interview & Examination, physical security walkthroughs and/or technical vulnerability testing).

+ Plan and/or perform assessment of PCIF facilities and/or OpDivs in accordance with NIST 800-79 requirements for authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI) compliance.

+ Assist with identification and remediation of PCIF Plan of Action & Milestones (POA&Ms).

+ Identify existing and/or potential organizational security weaknesses as a result of the assessments, including personnel controls, training, incident and emergency response, logical security controls, physical security controls, operational security and integrity of software applications and data for customer engagements.

+ Develop and deliver reports and presentations required for communicating findings of the security control assessments.

+ Conduct vulnerability assessments on networks, servers, websites and databases, as directed by ESS, to assist with other assessment activities.

+ Assess, review, update, develop, and deliver documentation to support ESS in their security controls assessment activities.

+ Develop and provide input to deliver weekly customer status reporting and project plans.

+ Support the maintenance of tools, laptops and upkeep of testing materials.

+ Conduct on-site assessment of PCIF facilities across the continental U.S.

+ Attend ESS customer meetings in person, unless otherwise noted.


Required Education and Experience:

+ Bachelor’s degree and 2+ years of experience, Associate’s degree and 4+ years of experience, or 4 years of additional experience in lieu of a degree. Must have adequate knowledge and skills to learn and perform the described job.

+ 2+ years of hands-on experience in the IT or Cyber field

+ Demonstrated cybersecurity experience or knowledge

+ A Cybersecurity certification is a plus

+ Hands-on IT / Cyber experience in support of a SOC is a plus

+ Have experience overseeing information security systems related to Assessment and Authorization.

+ Have experience validating compliance requirements for information security systems with an expert understanding of NIST 800-53 and the Security Control assessment process.

+ Knowledge of assessment needs related to Cloud Service Providers (CSPs, IaaS, SaaS, and PaaS), General Support Systems, and Major/Minor applications including the definition of accreditation boundaries.

+ Ability to determine assessment metrics for system risks.

+ Strong communication skills (verbal and written)

+ Clearance Requirement: Must be a U.S. Citizen with the ability to obtain and maintain a Public Trust clearance.

COVID Policy: Prospective and/or new employees are required to adhere to SAIC’s vaccination policy. All SAIC employees must be fully vaccinated and they must submit proof of vaccination on their first day of employment. Prospective or new employees may seek an exemption to the vaccination requirement at Contact Us and must have an approved exemption prior to the start of their employment. Where work is performed strictly at a customer site, customer site vaccination requirements preempt SAIC’s vaccination policy.

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.
REQNUMBER: 2315844-US-United_States

Job Posting: JC251701323

Posted On: Nov 27, 2023

Updated On: Feb 02, 2024
