Security Control Assessor - TS/SCI Cleared
United States, Virginia, Arlington
* This position requires an active DoD Clearance (Secret, Top Secret, Top Secret/SCI) or the ability to obtain an interim clearance (Interim Secret, Interim Top Secret)
* Because an active or interim DoD clearance is required, U.S. Citizenship is required

**MUST HAVE ACTIVE TS/SCI CLEARANCE**

*Description*

* Schedule and coordinate assessments of security controls and potential vulnerabilities.
* Ensure that assessments cover all required aspects, including confidentiality, integrity, and availability (CIA).
* Ensure that proper tools and methodologies are applied during the assessment.
* Identify and document weaknesses or vulnerabilities found during the security assessment.
* Create a POA&M that includes corrective actions, owners, and suspense dates.
* Ensure the POA&M is actively managed and updated with progress on remediation actions.
* Work with system owners to track and resolve identified issues.
* Review the SAR, which details the results of the security assessment.
* Evaluate whether the findings support system authorization and whether vulnerabilities have been adequately addressed.
* Provide written recommendations to the CISO (Chief Information Security Officer) and AO (Authorizing Official) for security authorization decisions (e.g., whether the system should be authorized to operate).
* Ensure compliance with relevant risk management frameworks (e.g., RMF, FISMA, NIST SP 800-53).
* Review and assess changes (e.g., system modifications, patches, or environment changes) that might affect security controls or system authorization.
* Evaluate the potential security risks introduced by changes to the system or its operating environment.
* Determine if the changes necessitate a new authorization or re-assessment process.
* Work with system owners to ensure any necessary adjustments are made to maintain security compliance.
* Provide expert advice on technical security issues related to the system's compliance, vulnerabilities, and risk management.
* Assist the CISO and AO with interpreting security assessment findings and making informed decisions about system authorization.
* Advise on security best practices, standards, and methodologies relevant to system security and risk management.
* Support the CISO and AO in prioritizing security improvements and mitigations.
* Work with the system owner and other stakeholders to define a continuous monitoring approach for the system.
* Ensure the monitoring strategy is comprehensive and includes mechanisms for detecting and responding to security threats in real-time.
* Ensure compliance with DoD-level or component-level continuous monitoring strategies.
* Help identify key performance indicators (KPIs) and metrics to assess the system's security continuously.
* Identify any noncompliant security controls and evaluate their potential risks to the system.
* Document the severity and potential impact of these weaknesses in the SAR.
* Assign a risk level to each noncompliant control, using a standard risk assessment methodology (e.g., likelihood, impact, and potential mitigation).
* Provide clear documentation to support the AO's decision regarding system authorization.
* Aggregate individual security control risks into a comprehensive risk assessment for the entire system.
* Document key risk drivers, such as specific vulnerabilities, system weaknesses, or external threats.
* Consider existing and planned risk mitigations when documenting the aggregate risk level in the SAR.
* Present the risk analysis clearly so that decision-makers can understand the overall security posture of the system.
* Develop a continuous monitoring plan that defines the processes for ongoing security assessments, threat detection, and risk mitigation.
* Ensure that the plan is aligned with the system's security requirements, objectives, and the broader enterprise or organizational strategy.
* Identify which controls and assets need to be monitored and specify how monitoring will be conducted.
* Establish incident response protocols and escalation procedures for any detected vulnerabilities or incidents.
* Coordinate with stakeholders to ensure the continuous monitoring plan is implemented effectively and adjustments are made as necessary.
* Identifying potential risks across the supply chain, including supplier risks, operational risks, financial risks, geopolitical risks, natural disasters, regulatory changes, and cybersecurity threats.
* Conducting risk assessments and monitoring external and internal factors that could affect the supply chain.
* Continuously monitoring supply chain activities, including supplier performance and external factors that may trigger risks.
* Reporting risk findings to management and other key stakeholders regularly.
* Engaging with external stakeholders, such as government agencies, industry associations, and insurance companies, to stay informed and prepared for potential risks.
* Continuously improving risk management processes and tools.
* Staying up-to-date with emerging risks and best practices in risk management.
* Learning from past disruptions and refining strategies for better future preparedness.
* Analyze the results of vulnerability scans, which could be from tools like Nessus, Qualys, or OpenVAS. Understanding the severity, impact, and exploitability of each identified vulnerability is essential.
* Based on the potential impact to the organization, prioritize the vulnerabilities that need to be addressed first. Critical vulnerabilities that expose sensitive data or are easily exploitable should be handled immediately.

*Pay and Benefits*

The pay range for this position is $70.00 - $80.00/hr. Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms.
If eligible, the benefits available for this temporary role may include the following:

* Medical, dental & vision
* Critical Illness, Accident, and Hospital
* 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available
* Life Insurance (Voluntary Life & AD&D for the employee and dependents)
* Short and long-term disability
* Health Spending Account (HSA)
* Transportation benefits
* Employee Assistance Program
* Time Off/Leave (PTO, Vacation or Sick Leave)

*Workplace Type*

This is a fully onsite position in Arlington, VA.

*Application Deadline*

This position is anticipated to close on Jul 8, 2025.

*About TEKsystems*

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

*About TEKsystems and TEKsystems Global Services*

We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed.
We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.