Jacobs Security Controls Assessor (SCA), Intermediate (Tier 2) - TS/SCI in Columbia, Maryland

Your Impact:

Jacobs is seeking a Security Control Assessor (SCA) Intermediate for a prime contract that is based out of a Columbia, MD office. As SCA Intermediate, you will serve on a team that is responsible for the Authorization and Assessment process under the Risk Management Framework (RMF) for new and existing information systems and will be expected to maintain Authority to Operate (ATO) compliance for all assigned systems.

The work environment is fast-paced and sometimes involves deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers. Our program includes easily available process information and support from others with similar positions across the team.

Plans, coordinates, and integrates all systems engineering tasks, adhering to a disciplined systems engineering process throughout all acquisition phases of the assigned subsystem, system, or system of systems, and approves ATO/IATOs.

You will have the opportunity to work across multiple domains, learning new cybersecurity tools and techniques to enhance your technical skillset. This is an opportunity to work hand-in-hand with the customer in an exciting and dynamic program.


  • The SCA Tier 2 will be working within a small and dynamic team to manage the authorizations of multiple systems and networks of various sizes and complexity. The team will be focused on ensuring ATO compliance for various classified systems.

  • Additionally, the SCA will be performing several cybersecurity functions to support the organization to include the following:

  • Site Surveys and Interface Technologies

  • Vulnerability Assessments, Penetration Testing, and Continuous Monitoring

  • Risk Management Framework Services, Certification and Accreditation (RMF CA) support

  • Policy Refinement

  • Incident Response and Forensic Analysis

  • Compliance Review and Oversight Inspection

  • Cyber Security Training and Product Development


Here’s what you’ll need:

  • Experience in certifying information systems using Intelligence Community and/or DoD Assessment and Authorization processes.

  • Understanding of how to assess requirements, validate compliance, and develop system security plans for the purpose of authorization by a delegated authorizing official.

  • Must have a thorough understanding of systems, networks, and sites that operate under the cognizance of the DoDIIS Cybersecurity program and Joint Special Access Program (SAP) Implementation Guide (JSIG) with knowledge and skills as follows:

  • Extensive experience with risk assessment technologies including analyses of the adequacy of implemented security features and research and analysis of security technology.

  • Extensive experience in conducting security testing including actual experience as a Test Director with responsibility for recommending accreditation decisions.

  • Proficiency in the use of Visio or other drawing software and extensive experience in the generation of functional, logical, and physical diagrams, from high-level depictions to extremely detailed diagrams of networks and site information technology architectures.

  • Extensive direct experience with the policies, processes, and methodologies applicable to the DoDIIS program and the RMF application.

  • Excellent communication skills, both oral and written, to support considerable interface within and outside the areas of responsibility (development of documents, participation in coordination meetings, and site visits, presenting briefings, etc.).

  • Knowledge of project management fundamentals and basic skills in the use of PM-associated products/tools.

  • Experience in applying the Risk Management Framework (RMF) is required for all three tiers.

  • Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPsec], Advanced Encryption Standard [AES], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).

  • Knowledge of host/network access controls (e.g., access control list).

  • Knowledge of incident response and handling methodologies.

  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusion via intrusion detection technologies.

  • Knowledge of network protocols (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]).

  • Knowledge of network traffic analysis methods.

  • Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP], Open System Interconnection model [OSI], Information Technology Infrastructure Library, v3 [ITIL]).

  • Knowledge of penetration testing principles, tools, and techniques (e.g., Metasploit, Neosploit).

  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

  • Knowledge of information technology supply chain security/risk management policies, requirements, and procedures.

  • Experience in developing and maintaining the following documents and providing relevant input to Authorizing Officials (AOs) and/or their delegates on the same:

  • Status of Plans of Actions and Milestones (POA&Ms)

  • Security Controls Traceability Matrices (SCTMs)

  • Risk Assessment Reports (RARs)

  • Information System Security Concepts of Operations (CONOPs)

  • Security control assessment test plans

  • Experience in engaging as a member of the Incident Response Team (IRT):

  • Manage, monitor, and review security monitoring data feeds for anomalies

  • Coordinate inquiries, threat analysis, containment and eradication with the Security Operations Center (SOC)

  • Develop after-action reports for Program Security Officer (PSO) and AO reporting.

  • Clearance Required: Active TS/SCI

  • Minimum Education: N/A. A BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science from an ABET-accredited or CAE-designated institution can replace the Intermediate certification requirement.

  • Minimum Years of Experience: Four (4) years of related work experience

Jacobs is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, religion, creed, color, national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, medical condition, marital or domestic partner status, sexual orientation, gender, gender identity, gender expression and transgender status, mental disability or physical disability, genetic information, military or veteran status, citizenship, low-income status or any other status or characteristic protected by applicable law. Learn more about your rights under Federal EEO laws and supplemental language.