Security Control Assessment (SCA) Analyst

Overview

Steampunk wants you to be a SCA Analyst on our team to support a government customer on site in Arlington, VA. The primary responsibilities for the position are to support all activities that ensure the level of security documented with the security authorization is maintained at an acceptable level of risk. The nature of the work requires that the candidate demonstrate initiative, organization, responsibility, customer service skills, and the ability to be flexible and adaptive to a fast-paced, fluid business environment. The candidate must be able to communicate effectively and decisively with all levels of the organization and be able to solve practical problems as well as exercise sound judgement with regards to sensitive and confidential information. Proactively create, monitor and update the status of POA&Ms to ensure weaknesses are resolved in accordance to their scheduled completion dates.

Contributions

As a member of one of our DHS support teams, you will play an important role performing a wide array of Cybersecurity duties including: 

• Assess the organization’s existing IT security program, work products, and tools in relation to key agency mission, security goals, and objectives.  
• Develop, engineer and implement sustainable security solutions designed to address program gaps.
• Assess and articulate risk in relation to mission/business objectives and processes.
• Document security processes and status in support of security authorization (also referred to as C&A or A&A) activities.

Qualifications

Required Qualifications:

• Possesses and applies expertise on multiple complex work assignments which are broad in nature, requiring originality and innovation in determining how to accomplish tasks. 
• Has the ability to apply a comprehensive knowledge across key tasks and high impact assignments. 
• Plans and leads major technology assignments.
• Evaluates performance results and recommends major changes affecting short-term project growth and success. 
• Functions as a technical expert across multiple project assignments.
• Bachelor's Degree and 5 years of relevant IT cybersecurity experience; OR
  • No degree and 10 years of experience, 2 of which must be in FISMA

Preferred Qualifications:

• Familiarity with one or more of DHS Directive 4300A, FIPS Pubs 199 & 200, and NIST Special Pubs 800-30, 800-37, 800-39, 800-53, 800-60
• Experience as an Information System Security Officer (ISSO)
• Experience with Vulnerability, Configuration, and Asset Management tools in support of Continuous Monitoring
• Experience with POA&M management
• Experience performing Security Authorization
• Experience performing Risk Analysis and Assessment
• Experience with CSAM or similar tool
• Knowledge of Security Compliance and Risk Management Frameworks: Expertise in NIST 800-53A, DHS standards, and risk management frameworks like FISMA, with hands-on experience in conducting security compliance assessments and developing risk management strategies.
• Technical Proficiency in Security Control Testing and Vulnerability Management: Proficiency in vulnerability scanning, configuration management, and patch management tools, along with the ability to analyze and address vulnerabilities in complex systems.
• Strong Documentation and Reporting Skills: Experience creating and maintaining comprehensive security authorization documentation, ATO packages, and compliance records, with the ability to convey technical findings clearly in both reports and presentations.
• Effective Collaboration and Communication Abilities: Skilled in coordinating with various teams (e.g., Privacy, Information Governance), providing audit support, and conducting risk briefings, along with the ability to communicate security requirements in the context of development cycles and stakeholder expectations.
• Process Improvement and Innovation Mindset: A proactive approach to refining security assessment processes, developing standardized language for security controls, and enhancing continuous monitoring practices to address emerging cybersecurity challenges effectively.

Preferred Skills:

• Current experience providing ISSO support to DHS
• Experience supporting systems hosted in Cloud environments.
• Experience supporting systems in Agile and DevOps environments
• Desired personnel certifications from DoD 8140, Intermediate or Advanced Foundational Qualification Options, for (722) Information System Security Manager.
  • Intermediate includes:
    • CGRC/CAP or CASP or CCSP or Cloud or SSCP or Security or GSEC
  • Advanced includes:
    • CISM or CISSO or FITSP-M or GCIA or GCSA or GCIH or GSLC or GICSP or CISSP-ISSMP or CISSP
•  

About steampunk

Steampunk relies on several factors to determine salary, including but not limited to geographic location, contractual requirements, education, knowledge, skills, competencies, and experience. The projected compensation range for this position is $105,000 to $140,000.  The estimate displayed represents a typical annual salary range for this position. Annual salary is just one aspect of Steampunk’s total compensation package for employees. Learn more about additional Steampunk benefits here. 

Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors.  Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges.  As an employee owned company, we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program. 

Salary : $105,000 - $140,000