The Swift Group is seeking an experienced Security Control Assessor (SCA) to join our team. This candidate will be responsible for evaluating the security posture of our systems and infrastructure, ensuring compliance with relevant frameworks and standards, and identifying vulnerabilities to mitigate potential risks effectively. The ideal candidate will have a strong background in cybersecurity, extensive experience with compliance and vulnerability scanning tools, and a deep understanding of assessment and authorization processes. This position is located in either McLean, VA.

• 3 years of cybersecurity experience with at least one year of experience conducting SCAs under ICD 503/CNSSI 1253 NIST Cybersecurity Framework, Risk Management Framework (RMF), or a similar framework
• At least 1 year of experience as a Security Control Assessor (SCA) within the past 3 calendar years
• Demonstrated hands-on experience with compliance and vulnerability scanning tools (XACTA, RedSeal, Nessus, Splunk, McAfee ePO, and/or other vulnerability scanners)
• Possess a strong understanding of the Assessment and Authorization (A&A) process
• One full year supporting cloud environment and experience performing security assessments in a cloud environment (AWS, Google, IBM, Azure, and Oracle)
• Must meet Department of Defense (DOD) 8570.01-M baseline certification requirement for Information Assurances Technical (IAT) Level III CASP CE, CCNP Security, CISA, or CISSP or Associate, GCED, GCIH, or CCSP
• Possess knowledge of Independent Verification & Validation (IV&V) of security controls
• Possess knowledge of general attack strategies (e.g., MITRE ATT&CK Framework)
• Demonstrated knowledge of NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other ICDs as appropriate
• Ability to make recommendations to the IC CISO or designee for improving TTPS for better cyber threat protection
• Knowledge of network access, identity, and access management e.g. public key infrastructure (PKI)
• Knowledge of network protocols such as Transition Control Protocol/Internet Protocol (TCP/IP), Dynamic Host Configuration, Domain Name System (DNS), and directory Services
• High School Diploma
• US Citizenship and an active TS/SCI with Polygraph security clearance required

Desired Qualifications:

• Demonstrated experience writing final reports and defend all findings, including risk or vulnerability, mitigation strategies, and references
• Report vulnerabilities identified during security assessments
• Experience writing penetration testing Rules of Engagement (ROE), Test Plans, and Standard Operating Procedures (SOP)
• Demonstrated experience conducting security reviews, technical research and provided reporting to increase security defense mechanisms