Security Control Assessor Test Engineer, Level 2 (Government)
- Chantilly, VA
AT&T Global Public Sector is a trusted provider of secure, IP enabled, cloud-based, network solutions and professional services to the Federal Government. We are dedicated to recruiting, developing and empowering a diverse, high-performing workforce that is passionate about what they do, committed to our shared values and dedicated to our customers' mission.
Our National Security Team supports the intelligence community, providing, operating and assuring critical voice, video and collaboration services for the full spectrum of operations. The services required by this contract will assist OS&CI in providing the NRO a secure mission environment. The contractor shall provide realistic, innovative information security solutions to accomplish the requirements in addition to program management. The services obtained under this contract shall provide expertise to support information systems security, security control assessments, information assurance engineering, and security control assessments test engineering.
AT&T has an opening for a Security Control Assessor Test Engineer (SCATE), Level 2 to support the National Security Sector by providing subject matter expertise and participating in independent assessment activities as part of the Risk Management Framework (RMF) Assessment and Authorization (A&A) process within the NRO. Personnel will be responsible for auditing all entries and artifacts within the A&A database as well as conducting Red/Blue team tests to determine system readiness for their ATO packet submissions.
Job Duties/Responsibilities:
- Ability to conduct technical testing and evaluation of NRO and Intelligence Community (IC) systems. Tests and evaluations are conducted to ensure all IT technical security requirements are fulfilled in accordance with ICD 503 and the NRO's Risk Management Framework (RMF) process.
- Assist Program Offices in conducting assessments of the systems they build, referred to as Dry Run testing, providing Independent Verification and Validation (IV&V) testing of the system (Step 4 in the RMF process).
- Assist in participating in DNI IC community test events, such as DNI's IC Information Technology Environment (ICITE), Commercial Cloud Services (C2S), and the National Security Agency (NSA) GovCloud.
- Conduct reviews that ensure that all applicable security controls are included and have test cases. The test cases shall be vetted to ensure they are complete and actually test the control to which they are mapped.
- Ability to test systems that have one (1) "High" in any of the three (3) ICD 503 categories (Confidentiality, Integrity or Availability) (C-I-A) and a SCA request for ISCB support shall require that ISCB witness the execution of the program's Certification Test Plan (CTP). Additionally, some systems not meeting this threshold might, at management direction, require CTP witnessing. The skill set shall include the ability to conduct both "blue" and "red" team internal and external testing of target systems.
- Ability to test systems that have two (2) "Highs" in any of the three (3) ICD 503 categories (Confidentiality, Integrity or Availability) (C-I-A) shall require that VRIB witness the execution of the program's Certification Test Plan (CTP) and undergo a Penetration Test event. Additionally, some systems not meeting this threshold might, at management direction, require Full Testing. The skill set shall include the ability to conduct both "blue" and "red" team internal and external testing of target systems.
- Ability to conduct penetration testing on systems, as determined by management direction.
- Ability to conduct software review requests (S/WRRs), which consist of researching open source information to ensure that software proposed for use on any enterprise mission systems does not have any security concerns that cannot be mitigated.
- Ability to support Corporate Product List (CPL) reviews. VRIB conducts security reviews for items prior to addition onto the CPL. These reviews shall consist of a search of open source information to ensure any hardware or software being proposed for acquisition and inclusion on any enterprise or mission systems does not have any security concerns that cannot be mitigated.
- Ability to conduct In-Depth product reviews. These reviews shall test the requested hardware or software for security vulnerabilities. Product reviews shall include in-depth research into the product as well as hands-on testing. The incumbent will design, document and run the test event. Upon completion of the test event the incumbent shall generate a test report.
- Ability to operate and maintain the customer test labs and environments as well as reconfigure these environments to support applicable test events.
Active TS/SCI with polygraph
- Candidates must have a bachelor's degree or higher and 5 years of experience that can be a combination of work history and education.
- This equates to a bachelor's or higher and 5 years, a Master's and 3 years, an Associate's and 8 years, or HS and 10 years.
- Requires CEH as a minimum, and must have a DoD 8570 compliant IASAE I certification (i.e. CASP+ CE, CISSP (or Associate), CSSLP) within 6 (six) months of hire.
- ICD 503 and the Government's certification and accreditation process
- Networks, computer components, system protocols, and COTS technology
- System methodologies including client/server, web hosting, web content servers, policy servers, directory servers, firewalls, WAN, MAN, LAN, switches, and routers
- Software integration of COTS and Government Off-the-Shelf (GOTS) products
- Windows, Linux, Unix, and Mac OS X administration
- VMware, Xen, Hyper-V and other virtualization platforms
- Configuring and supporting Windows, Linux, Unix, Mac OS, and other operating systems
- Configuring and supporting VMware, Xen, Hyper-V and other virtualization platforms
- Software engineering
- Program design and implementation
- Configuration management
- System maintenance
- Integration testing
- Information system engineering
- Penetration testing and analysis
- System certification activities and efforts related to system certification and accreditation
- Research, development, integration, and distribution of IS security tools and associated documentation
- Security procedures for systems and software within area of expertise to ensure consistent security policy implementation
- Education relevant to computer engineering, information security, information management, and/or computer science
- Experience in technical project management