Overview

Arcfield was purpose-built to protect the nation and its allies through innovations in digital transformation, space mission engineering and launch assurance, miniaturized sensors and satellites, advanced modeling and simulation, cybersecurity, and conventional and hypersonic missile support. Headquartered in Chantilly, VA with 16 global offices, Arcfield employs more than 1,500 engineers, analysts, IT specialists, and other professionals with more than 60 years of collective proven experience supporting missions in cyber and space defense, space exploration, hypersonic and nuclear deterrence and warfighter readiness. Visit arcfield.com for more details.

Responsibilities

Arcfield's Cyber programs are expanding and are currently in need of Level IV/ Security Control Assessor (SCA) Subject Matter Experts to support Risk Management Framework (RMF) workflows, performing comprehensive INFOSEC assessment of management, operational, and technical security controls to determine overall effectiveness of the controls for A&A determination throughout our customer’s program system lifecycle. SCAs provide an assessment of the severity of weakness or deficiencies discovered in the IS and its environment of operation and recommend corrective actions to address identified vulnerabilities. In this role you will be considered a recognized expert within the company, who designs, researches and develops highly advanced applications, which may result in new product/business opportunities for the company.  Note: An offer for this position is contingent upon contract award.

 

Responsibilities include, but are not limited to:

Review and assess information systems (IS) for compliance with IC, DoD, and ND guidelinesProvide security advice and guidance to government and industry partnersAdvise Information System Owners (ISO) on confidentiality, integrity, and availability impact valuesOffer technical guidance for Authorization and Accreditation (A&A) responsesEvaluate IS threats and vulnerabilities, recommending additional safeguards as neededSupport development and implementation of customer’s IT-IA-IM policiesContribute to future Customer IS security policy developmentConduct site visits and assessments, prepare written reports for government approvalEnsure completion of security control assessments for each ISSupport RMF process-related presentations, briefings, and reportsUtilize customer’s RMF system of record for workflow duties and documentationTrack and report on RMF process workflow activities and metricsPrepare Security Assessment Reports (SARs) and Authorization RecommendationsCollaborate on Plans of Action and Milestones (POAMs) based on assessment findingsReview and approve IS Security Assessment PlansAddress security issues as requested by the governmentSupport A&A for special programs and tactical operationsConduct reviews and write reports for ISAP or TISSRsVerify proper implementation and documentation of security controls in System Security Plans (SSPs)Assess severity of identified weaknesses and recommend corrective actionsAct as IS liaison between Directorates and OfficesWork on unusually complex technical problems and provides innovative solutionsDetermines and pursues courses of action necessary to obtain desired results
Qualifications

Required:

Must possess and be able to maintain a TS/SCI clearance with polygraphBS 12-15, MS 10-13, PhD 10+A STEM degreeSCA experienceCertifications:CAPCASPCISMCISSP (or Associate)GSCLCGRC/CAPCloud+CYSA+GSECPenTest+Relevant experience in technical project managementAdvanced IS security skills and knowledgeFamiliarity with IA conceptsAbility to review and recommend vulnerability and risk levels associated with SW and HW productsPractical experience developing and implementing security related directivesPractical experience performing IS' A&A as defined in applicable ICDs and guidancePractical experience utilizing risk management strategies for IT solutionsUnderstanding of emerging technologies and their implementation w/in government systems and network environmentsKnowledge of IT concepts used in evaluation of security performance and integrity of state-of-the-art applications, communications systems, HW, SW, satellite controls systems, and information processing systemsPractical experience assessing security of cloud-based systems including IaaS, PaaS, and/or SaaS deploymentAbility to effectively coordinate A&A activities of industry and government IS' to meet acquisition milestone requirementsExperience working with a mixed skill level team to ensure that appropriate knowledge and skill transfer occursAbility to simultaneously manage and track multiple large-scale systems or programs involved in A&A processExperience developing and implementing security related directives and guidance for IT-IA-AMIn-depth understanding of IT systems, SW, & networksEffective technical report and general correspondence writing ability

 

Desired:

Education relevant to computer engineering, INFOSEC, cyber security, information management, and/or computer scienceExperience providing technical and programmatic Information Assurance Services to internal and external customers in support of network and information security systemsAble to prepare and provide documentation using accepted guidelines such as DITSCAPExperience providing certification and accreditation support in the development of security and contingency plans and conducting complex risk and vulnerability assessmentsDesigns, develops and implements security requirements within an organization's business processesPrepares Security Test and Evaluation plansAnalyzes policies and procedures against Federal laws and regulations and provides recommendations for closing gapsDevelops and completes system security plans and contingency plansRecommends system enhancements to improve security deficienciesDevelops, tests and integrates computer and network security toolsSecures system configurations and installs security tools, scans systems to determine compliance and report resultsEvaluates products and various aspects of system administrationConducts security program audits and develops solutions to lessen identified risksDevelops strategies to comply with privacy, risk management, and e-authentication requirementsProvides information assurance support for the development and implementation of security architectures to meet new and evolving security requirementsEvaluates, develops and enhances security requirements, policy and toolsProvides assistance in computer incident investigationsPerforms vulnerability assessments including development of risk mitigation strategies
EEO Statement

We are an equal opportunity employer and federal government contractor. We do not discriminate against any employee or applicant for employment as protected by law.