Jacobs Sr. SCA Engineer in Reston, Virginia
Sr. SCA Engineer
“Jacobs National Security Solutions (NSS) provides world-class IT network and service management capabilities; cutting edge cyber threat awareness and cybersecurity solutions; innovative web- and software applications development; and advanced data analytics for major clients in the Intelligence Community, Department of Defense, and Federal Civilian Agencies.
Our forward thinking solutions deliver an integrated approach to IT network design and management, full lifecycle IT service management, IT service delivery, asset management, logistics and procurement, and vendor management. We leverage the expertise and passion of our employees to conduct identity and access management, penetration testing, and vulnerability assessments for our nation’s most closely guarded agencies and networks. Our Cyber Security Operations Centers ensure safe, effective network operations for Federal clients while our data scientists are helping stop illegal acts before they can endanger Americans or our way of life.
Jacobs promotes a culture of operational excellence to create a safer, smarter, and more connected world while upholding the highest standards of compliance, quality and integrity.
We continue to thrive and need your talent and motivation to help propel us farther, faster.”
Jacobs is currently seeking a Sr. Security Control Assessor (SCA) Engineer to provide onsite and offsite support primarily in Reston, VA. Duties will include:
Lead and assist with security testing and security control assessments on federal applications and general support systems to ensure compliance with the NIST SP 800-53 Rev. 4 and agency specific requirements.
Lead and conduct security control assessments within the On-going Authorization cycle.
Technically assess both major application and general support system security configurations and implementation.
Interface with federal employees and contractors to perform the security assessment activities. Responsible for assisting in the presentation of the vulnerability findings to the client.
Lead and support security control assessments based on NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev.1.
Analyze results from vulnerability scanning tools such as Nessus, HP WebInspect, QualysGuard, AppDetective, and Burp Suite.
Interface with the clients related to the overall security control assessment program and all security control assessment activities which the candidate is responsible for leading.
Develop Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plan of Action and Milestone (POA&M) Reports.
Must be able to obtain and maintain a Public Trust clearance.
Associate of Science degree in Information Technology, IT Security, Network Systems Technology or related field or equivalent experience plus four (4) to seven (7) years of directly related experience or any equivalent combination of education, experience, training and certifications.
Five (5) to seven (7) years of directly related experience in Information Technology and/or Cybersecurity.
2 years leading security control assessments based on NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev.1.
4 years conducting security control assessments based on NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev.1.
Advanced understanding of the NIST Risk Management Framework (RMF)
Prior experience working with a wide variety of technologies, be well versed in the current state of Information Security, and be able to interpret the requirements of relevant governing bodies (NIST, OMB, GAO, etc).
Experience performing full scope Risk Management processes for a federal client, to include Certification and Accreditation (C&A), FISMA Self Assessments, Technical Assessments (Vulnerability analysis, penetration testing), and Risk Assessments. Finally, the candidate should have experience using vulnerability and security testing tools and reviewing the results from tools such as Nessus, HP WebInspect, QualysGuard, AppDetective, and Burp Suite.
Experience conducting analysis of vulnerability scan results
Advanced understanding of Unix/Linux (Solaris/Red Hat) and MS Windows Operating Systems
Advanced knowledge of general purpose vulnerability scanners (e.g., QualysGuard, Nessus)
Experience implementing and auditing against security configuration checklists (e.g., DISA STIGs, CIS Benchmarks)
Advanced understanding of NIST Special Publications (e.g., 800-53, 800-37)
Strong documentation and communication (written and verbal) skills.
Advanced understanding of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM)
CAP, CISSP, Security+, or GSEC certification
Familiarity with scripting in UNIX shell, Perl, Python, or Excel macros
Working knowledge of network firewalls, WAFs, VPNs, and other security technologies
Ability and willingness to travel approximately 10-15% of the time within the Continental US.
Knowledge and understanding of Cloud Security and FedRAMP
Bachelor's degree (Information Technology or Cybersecurity related field preferred, however not required).
5 years of professional experience in Cybersecurity related area
Experience configuring and conducting technical assessments using tools such as Nessus, HP WebInspect, AppDetective, BurpSuite, and QualysGuard.
Understanding of/experience implementing DHS Continuous Diagnostics and Mitigation (CDM) program and requirements.
Proficiency understanding the technical architecture of IT systems built using Windows, UNIX, Linux, IBM AIX, VMware, Citrix, Oracle and MySQL platforms.
Self-motivated and able to work in an independent manner.
Experience conducting FedRAMP assessments
Most work will be done at a desk or computer.
General Office environment. The work environment is fast-paced and sometimes involves extreme deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers.
Equipment & Machines:
General office equipment including PC/laptop, Fax, Copiers, Shredder, Printers, Telephone, and other miscellaneous office equipment.
Attendance is critical at all times. Must be able to work a 40-hour workweek, normally Monday through Friday. However, times and days may vary depending on business requirements. Needs to be available to work overtime during critical peaks and be available to meet last minute requests for overtime should the situation occur.
Must be able to communicate effectively both verbally and in writing
Grooming and dress must be appropriate for the position and must not impose a safety risk/hazard to the employee or others. Must put forward a professional behavior that enhances productivity and promotes teamwork and cooperation.
Must be able to interface with individuals at all levels of the organization both verbally and in writing. Must be well-organized with the ability to coordinate and prioritize multiple tasks simultaneously. Must work well under pressure to meet deadline requirements. Must be willing to travel as needed. Must take and pass a drug test and background check as well as a motor vehicle records check. Must be a US citizen.
Jacobs is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other characteristics protected by law. Jacobs is a background screening, drug-free workplace.
Primary Location United States-Virginia-Reston
Travel Yes, 10 % of the Time
Req ID: ATE00010E