Security Control Assessor

Oneida Technical Solutions, LLC (OTS), was founded in 2014 and quickly established itself as a reliable partner capable of providing a variety of information technology and cyber solutions across highly complex, highly regulated and highly secure environments, including the U.S. Department of Defense (DoD), healthcare, higher education, law enforcement, retail, casino gaming and more.

Our innovative cyber capabilities and programs have made us trusted partners for IT modernization projects, implementing upgrades and accelerating the delivery of new solutions for the DoD and commercial industries with consumer-driven technology.

OTS is seeking a Security Controls Assessor in providing cybersecurity support to AFCENT at Shaw AFB in Sumter, SC.

In this role you will perform comprehensive IT security control assessments on AFCENT systems and software applications. Assessments shall require physical travel to various contractor and Government sites inside and outside the continental United States (CONUS and OCONUS). Assessments shall determine the condition of the management, operational, and technical security controls employed within or inherited by an information system or software to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system).

Duties for this role include, but are not limited to:

Perform initial and continual security control assessment and validation for AFCENT networks, systems, and software applications.
Utilize DOD approved tools such as, but not limited to - Assured Compliance Assessment Solution (ACAS), Nessus, Host Based Security Systems (HBSS), Continuous Monitoring Risk Scoring (CMRS), Online Compliance Reporting System (OCRS), and SolarWinds - to generate initial and continuous monitoring reports.
Complete reports to support risk decisions from the AO, both as required and as requested.
Provide an assessment on the severity of weaknesses or deficiencies discovered in the information system or software application and its environment of operation and recommend corrective actions to address identified vulnerabilities.
Review the System Security Plan (SSP), prior to initiating the security control assessment and ensure the plan provides a set of security controls for the information system or software application that meet the stated security requirements.
Advise the Information System Owner (ISO) concerning the impact values for confidentiality, integrity, and availability for the information on a system or software application.
Evaluate threats and vulnerabilities to information systems or software application to ascertain the need for additional safeguards.
Assist in creating, reviewing, and approving the information system or software application security assessment plan, which is comprised of the SSP, the Security Controls Traceability Matrix (SCTM), and the Security Control Assessment Procedure.
Ensure security control assessments are completed for each information system or software application and ensure controls are working as intended and these controls protect the confidentiality, integrity and availability of IT resources at the appropriate levels.
Assist with preparing the final Security Assessment Report (SAR) containing the results and findings from the assessment at the conclusion of each security control assessment activity.
Ensure a Plan of Action and Milestones (POA&M) is initiated by the Information System Security Officer (ISSO) for the information system based on findings and recommendations from the SAR.
Evaluate security control assessment documentation and provide written recommendations for security authorization to the AO.
Provide expertise to execute vulnerability assessments on Platform IT systems.
Assist with assembling and submitting the security authorization artifacts to the AO (consisting of, at a minimum, the SSP, the SAR, the POA&M, and a Risk Assessment Report (RAR).
Assess the proposed changes to information systems or software application, their environment of operation, and mission needs to determine if they are security-relevant and could therefore affect system authorization.
Utilize the RMF methodology to successfully implement an information technology process which shall effectively protect the element's information assets and its ability to perform its mission.
Provide guidance to other assessors on the policies and procedures of the job; Provide detailed assessment findings using Government-specified processes and procedure.
Provide solutions and recommendations to remedy security vulnerabilities, threats, to ultimately improve the protection of IT resources and to execute the AFCENT mission.
Utilize assessment results to identify trends and to improve IA training, policies and processes.
Develop reports and trend analysis's to support risk assessment decisions.

Qualified candidates must meet the following mandatory requirements:

Must possess and maintain a Secret Clearance

Proof of IAT-III or IAM-III Certification

Senior (III) and higher positions (Preferred):

- MA/MS in related field AND 3 or more years' relevant experience; or

- BS in related field AND 5 or more years' relevant IT experience; or

- 7 or more years' relevant IT experience.

Mid-level (II) or lower positions:

- BS in related field AND 1 or more years' relevant experience; or

- Associates in related field and 3 or more years' relevant IT experience; or

- 5 or more years' of relevant IT experience.

Oneida Technical Solutions, LLC. is an equal opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, national origin, age, disability, marital status, veteran status, sexual orientation, gender identity, genetic information or any other protected characteristic under applicable law.

#CJ