Senior Security Control Assessor (SCA) Cloud Based Computing at QinetiQ US
QinetiQ US
Chantilly, VA
Information Technology
Posted 0 days ago
Job Description
Company Overview
We are a world-class team of professionals who deliver next generation technology and products in robotic and autonomous platforms, ground, soldier, and maritime systems in 50 locations world-wide. Much of our work contributes to innovative research in the fields of sensor science, signal processing, data fusion, artificial intelligence (AI), machine learning (ML), and augmented reality (AR).
QinetiQ US's dedicated experts in defense, aerospace, security, and related fields all work together to explore new ways of protecting the American Warfighter, Security Forces, and Allies. Being a part of QinetiQ US means being central to the safety and security of the world around us. Partnering with our customers, we help save lives; reduce risks to society; and maintain the global infrastructure on which we all depend.

Why Join QinetiQ US
If you have the courage to take on a wide variety of complex challenges, then you will experience a unique working environment where innovative teams blend different perspectives, disciplines, and technologies to discover new ways of solving complex our diverse and inclusive environment you can be authentic, feel valued, be respected, and realize your full potential. QinetiQ US will support you with workplace flexibility, a commitment to the health and well-being of you and your family, and provide opportunities to work with a purpose. We are committed to supporting your success in both your professional and personal lives.

Position Overview
QinetiQ US is looking for a Senior Security Control Assessor with cloud-based experience to support a dynamic DoD client in the Chantilly, VA area. Candidates are expected to leverage their past experience and knowledge to help deliver superior support to a rapid prototyping office and should have experience in supporting various cloud-based platforms such as Amazon Web Services, Azure, Microsoft, Google, etc.

Responsibilities
Advise the Information System Owner (ISO) concerning the impact levels for Confidentiality, Integrity, and Availability for the information on systems.
Develop methods to monitor and measure risk, compliance, and assurance efforts.
Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level.
Assess the effectiveness of security controls.
Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
Perform security reviews and identify security gaps in security architecture, resulting in recommendations for inclusion in the risk mitigation strategy.
Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
Ensure security assessments are completed for each Information System.
Initiate a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR.
Evaluate security assessment documentation and provide written recommendations for security authorization to the CISO and AO.
Assess proposed changes to Information Systems, their environment of operation, and mission needs that could affect system authorization.
Serve as a cybersecurity technical advisor to the CISO and AO under their purview.
Be integral to the development of the monitoring strategy. The system-level continuous monitoring strategy must conform to all applicable published DoD enterprise-level or DoD Component-level continuous monitoring strategies.
Determine and document in the SAR a risk level for every noncompliant security control in the system baseline.
Determine and document in the SAR an aggregate level of risk to the system and identify the key drivers for the assessment. The SCA's risk assessment considers threats, vulnerabilities, and potential impacts, as well as existing and planned risk mitigation.
Develop a continuous monitoring plan specific to the information system.
Other duties as assigned

Required Qualifications
Bachelor's degree required
15 years relevant experience
DOD 8140 IAM Level II (CAP, CASP, CISM, CISSP, GSLC, CCISO); one of these certifications is required
Top Secret clearance with SCI eligibility is required #qinetiqclearedjob

Preferred Qualifications
Strong knowledge of Risk Management Framework (RMF) 800-37 and continuous monitoring 800-137
Expert knowledge and hands-on experience with FISMA Systems, NIST 800-series guidelines, FIPS, Security Assessment & Authorization (SA&A) requirements and processes, Continuous Monitoring Framework experience and its tools, Plan of Action & Milestones (POA&M) policies, and vulnerability/patch management, risk management, project management; proficient with Microsoft products - Word, Excel, PowerPoint.
Proficient with vulnerability and scanning tools and well-versed in interpreting risk posture resulting from assessment reports. Experience in project management and tracking and the Microsoft suite of office products
Experience in assessing cloud-based security authorizations (FedRAMP, AWS & Azure) as well as the NIST control responsibilities
Strong knowledge of CSAM
Expert with documenting and/or reviewing security materials such as system security plans (SSP), Security Assessment Report (SAR), Security Assessment Plan (SAP), and other documents per NIST 800 guidelines.
Experience supporting cloud-based security authorizations (FedRAMP, AWS & Azure)
Experience creating Security Assessment Plans, Security Assessment Reports, and Executive-level briefings
Top Secret/SCI with CI Poly preferred

Company EEO Statement
Accessibility/Accommodation: If, because of a medical condition or disability, you need a reasonable accommodation for any part of the employment process, please send an e-mail to or call Opt. 4 and let us know the nature of your request and contact information.
QinetiQ US is an Equal Opportunity employer. All Qualified Applicants will receive equal consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.

Required Experience: Senior IC
Key Skills: Intelligence, Information Technology Sales, Accounts, Auto Parts, Data Analysis
Employment Type: Unclear
Experience: years
Vacancy: 1
Resume Suggestions
Highlight relevant experience and skills that match the job requirements to demonstrate your qualifications.
Quantify your achievements with specific metrics and results whenever possible to show impact.
Emphasize your proficiency in relevant technologies and tools mentioned in the job description.
Showcase your communication and collaboration skills through examples of successful projects and teamwork.