Arcfield was purpose-built to protect the nation and its allies through innovations in digital transformation, space mission engineering and launch assurance, miniaturized sensors and satellites, advanced modeling and simulation, cybersecurity, and conventional and hypersonic missile support. Headquartered in Chantilly, VA with 16 global offices, Arcfield employs more than 1,500 engineers, analysts, IT specialists, and other professionals with more than 60 years of collective proven experience supporting missions in cyber and space defense, space exploration, hypersonic and nuclear deterrence and warfighter readiness. Visit arcfield.com for more details.

Arcfield's Cyber programs are expanding and are currently in need of Level III Security Control Assessor (SCA) professionals to support Risk Management Framework (RMF) workflows, performing comprehensive INFOSEC assessment of management, operational, and technical security controls to determine overall effectiveness of the controls for A&A determination throughout a customer program’s system lifecycle. SCAs provide an assessment of the severity of weakness or deficiencies discovered in the IS and its environment of operation and recommend corrective actions to address identified vulnerabilities. Note: An offer for this position is contingent upon contract award.

Responsibilities include, but are not limited to:

• Review and assess information systems (IS) for compliance with IC, DoD, and ND guidelines
• Provide IS security advice and guidance to government and industry partners
• Advise Information System Owners (ISO) on confidentiality, integrity, and availability impact values
• Offer technical guidance for Authorization and Accreditation (A&A) responses
• Evaluate IS threats and vulnerabilities, recommending additional safeguards as needed
• Support development and implementation of NRO IT-IA-IM policies
• Contribute to future customer IS security policy development
• Conduct site visits and assessments, prepare written reports for government approval
• Ensure completion of security control assessments for each IS
• Support RMF process-related presentations, briefings, and reports
• Utilize customer RMF system of record for workflow duties and documentation
• Track and report on RMF process workflow activities and metrics
• Prepare Security Assessment Reports (SARs) and Authorization Recommendations
• Collaborate on Plans of Action and Milestones (POAMs) based on assessment findings
• Review and approve IS Security Assessment Plans
• Address security issues as requested by the government
• Support A&A for special programs and tactical operations
• Conduct reviews and write reports for ISAP or TISSRs
• Verify proper implementation and documentation of security controls in System Security Plans (SSPs)
• Assess severity of identified weaknesses and recommend corrective actions
• Act as IS liaison between Directorates and Offices (Ds&Os) and COMM

Required:

• BS 5-7 Years, MS 3-5, PhD 0-2 
• BA/BS or higher STEM degree
• Must possess and have the ability maintain a TS/SCI w Poly
• SCA experience
• Certifications:
  • CAP
  • CASP
  • CISM
  • CISSP (or Associate)
  • GSCL
  • CGRC/CAP
  • Cloud+
  • CYSA+
  • GSEC
  • PenTest+
• Relevant experience in technical project management
• Advanced IS security skills and knowledge
• Familiarity with IA concepts
• Ability to review and recommend vulnerability and risk levels associated with SW and HW products
• Practical experience developing and implementing security related directives
• Practical experience performing IS' A&A as defined in applicable ICDs and guidance
• Practical experience utilizing risk management strategies for IT solutions
• Understanding of emerging technologies and their implementation w/in government systems and network environments
• Knowledge of IT concepts used in evaluation of security performance and integrity of state-of-the-art applications, communications systems, HW, SW, satellite controls systems, and information processing systems
• Understanding of IT systems, SW, and networks
• Practical experience assessing security of cloud-based systems including IaaS, PaaS, and/or SaaS deployment
• Ability to effectively coordinate A&A activities of industry and government IS' to meet acquisition milestone requirements
• Effective technical report and general correspondence writing ability
• Ability to manage and track systems or programs involved in A&A process
• Experience developing and implementing security related directives and guidance for IT-IA-IM
• Experience working with a mixed skill level team to ensure that appropriate knowledge and skill transfer occurs

Desired:

• Education relevant to computer engineering, INFOSEC, cyber security, information management, and/or computer science

We are an equal opportunity employer and federal government contractor. We do not discriminate against any employee or applicant for employment as protected by law.