ChantillyRecruiter Since 2001
the smart solution for Chantilly jobs

Security Control Assessor Test Engineer (SCATE) Support-Intermed with Security Clearance

Company: RDR, Inc.
Location: Chantilly
Posted on: November 10, 2019

Job Description:

Job Title Security Control Assessor Test Engineer (SCATE) Support-Intermediate Level Location WESTFIELDS - Chantilly, 20151 US (Primary) Job Type Full-time Category IT Security Job Description *****FOR PROPOSAL PURPOSES***** *****CONUS AND OCONUS***** TS/SCI WITH POLY CLEARANCE IS REQUIRED Intermediate Level-2 3 years of experience The Security Control Assessor Test Engineer is charged with completing tasks identified within the Vulnerability and Risk Identification Branch (VRIB) or designated government representative (heretofore referred to as CNRIB), initiating tasks in accordance with customer requirements. The quantity and variety of work, priorities and urgency will vary with customer and mission needs. Performing all work in accordance with the NRO's ICD 503 Risk Management Framework (RMF) process; and manage workload in accordance with CNRIB established guidance regarding timeliness and priorities. Responsibilities include completing all tasks and producing quality deliverables consistent with all applicable directives. This includes adjusting schedules, workload and resources as requirements change. Maintaining a status of all work to demonstrate progress for completing assigned deliverables consistent with the CNRIB time and priority constraints. Providing status to CNRIB or the COTR upon request. Location: The work will be conducted at Government facilities, military installations and industry partner facilities. A significant portion of the work will be conducted in the metropolitan Washington DC (DMV), and Colorado areas. This is not all inclusive and additional work will occur at other parts of the continental U.S. and selected overseas locations. Except for System Readiness Reviews (SRRs), the SCATE is responsible for deliverables distributed to VRIB management for approval. After approval, deliverables are provided to Information Systems Certification Branch (ISCB) SCAs. Once VRIB management approval is received, SCATE is responsible for disseminating reports in a way they cannot be altered (i.e. using Adobe PDF format). All SRRs shall be delivered as inputs into the Software Security Risk Database (SSRDB). Assign assessed products to a security risk profile. Education: Education relevant to computer engineering, information security, information management, and/or computer science Experience in technical project management Skills: A SCATE should possess technical knowledge in a majority of the following: ICD 503 and the Government's certification and accreditation process; Networks, computer components, system protocols, and COTS technology; System methodologies including client/server, web hosting, web content servers, policy servers, directory servers, firewalls, WAN, MAN, LAN, switches, and routers; software integration of COTS and Government Off-the-Shelf (GOTS) products; Windows, Linux, Unix, and Mac OS X administration; VMware, Xen, Hyper V and other virtualization platforms. A SCATE should possess technical experience in a majority of the following: Configuring and supporting Windows, Linux, Unix, Mac OS, and other operating systems; Configuring and supporting VMware, Xen, Hyper V and other virtualization platforms; Software engineering; Program design and implementation; Configuration management; System maintenance; Integration testing; Information system engineering; Penetration testing and analysis; System certification activities and efforts related to system certification and accreditation; Research, development, integration, and distribution of IS security tools and associated documentation; Security procedures for systems and software within area of expertise to ensure consistent security policy implementation Job Requirements Responsibilities include but are not limited to the following: Conduct and facilitate technical testing and evaluation of NRO and Intelligence Community (IC) systems. Tests and evaluations are conducted to ensure all IT technical security requirements are fulfilled in accordance with ICD 503 and the NRO's Risk Management Framework (RMF) process. VRIB conducts tests and evaluations of software, hardware, networks and applications. During the process of working on any of the SCATE tasks, dialogue and discussion between the SCAs and SCATEs can take place and is encouraged to ensure that requirements are met. The security documentation of the system shall be reviewed prior to conducting a test and evaluation. NRO Program Offices often perform their own assessments of the systems they build, referred to as Dry Run testing. Within "VRIB" SCATEs will provide Independent Verification and Validation (IV&V) testing of the system. VRIB's test results will then be used to support Director/OS&CI certification recommendations and CIO's Approval to Operate (ATO) decisions. May occasionally be requested to participate in DNI IC community test events, such as DNI's IC Information Technology Environment (ICITE), Commercial Cloud Services (C2S), and the National Security Agency (NSA) GovCloud. The type and extent of testing and evaluation for such events varies. Contractor personnel shall be given direction by the VRIB management as to the extent of effort and work that will be performed on these IC community efforts. Provide System Security Control Document Review Report. This review will ensure that all applicable security controls are included and have test cases. The test cases shall be vetted to ensure they are complete and actually test the control to which they are mapped. The contractor shall have 20 (twenty) calendar days to complete this review and to produce a report on any discrepancies. The report shall follow a template that shall be created, maintained, and updated by the contractor with VRIB management oversight and approval. The report shall be sent to the SCA at the completion of the VRIB Test Readiness Review. Information System Security Control Assessment Test Report. The SCATE will test systems that have one (1) "High" in any of the three (3) ICD 503 categories (Confidentiality, Integrity or Availability) (C-1-A) and a SCA request for VRIB support shall require that VRIB witness the execution of the program's Certification Test Plan (CTP). Additionally, some systems not meeting this threshold might, at VRIB management direction or CIO's office direction, require VRIB CTP witnessing. All systems requiring VRIB's CTP execution witnessing shall go to VRIB's Technical Readiness Review (TRR) for CTP test date(s) determination. The TRR is chaired by VRIB management and attended by a program representative, the system's SCA (or SCAs), and the applicable VRIB tester(s) shall discuss and agree on CTP execution test dates. VRIB testers shall review Program provided RMF Step 3 Body of Evidence security documentation and witness the execution of the CTP test event. The VRIB tester shall have 14 (fourteen) business days to complete a Certification Test Report (CTR). The 14 days begins at the completion of the test event or when the tester receives all of the documents from the test event when they must be couriered back to the office, whichever is later. The CTR shall follow a template that shall be created, maintained and updated by the contractor with VRIB management approval. VRIB management shall conduct quality and content checks on all CTRs to ensure quality and completeness. If a CTR is unacceptable, the contractor shall make the necessary corrections and re-submit to VRIB management. This review process shall be included in the CTR timeline, not in addition to the timeline. The contractor shall allow for sufficient time to review within the CTR timeline. This report shall be submitted to, and used by the SCA to produce the Security Assessment Report (SAR). Full Testing (CTP Review and Penetration Testing). The SCATE shall test systems that have two (2) "Highs" in any of the three (3) ICD 503 categories (Confidentiality, Integrity or Availability) (C-1-A) shall require that VRIB witness the execution of the program's Certification Test Plan (CTP) and undergo a Penetration Test event. Additionally, some systems not meeting this threshold might, at VRIB management direction or CIO's office direction, require VRIB Full Testing. All systems requiring Full Testing by VRIB shall go to VRIB's Technical Readiness Review (TRR) for test date(s) determination. The TRR is chaired by VRIB management and attended by a program representative, the system's SCA (or SCAs), and the applicable VRIB tester(s) shall discuss and agree on test dates. VRIB testers shall review Program provided RMF Step 3 Body of Evidence documentation and witness the execution of the CTP test event. The second portion of Full Testing shall involve VRIB performing Penetration Testing using accounts provided by the program to perform "credential scans" and additional scans as deemed necessary and specified at the TRR. The contractor shall have 14 (fourteen) business days to complete a Certification Test Report (CTR). Penetration Testing. The SCATE shall conduct penetration testing on systems, as determined by VRIB management direction or CIO office direction. These systems also go to a TRR for test date(s) determination. The contractor (VRIB testers) shall review Program provided RMF Step 3 Body of Evidence documentation and perform Penetration Testing using accounts provided by the program to perform "credential scans" and additional scans as deemed necessary and specified at the TRR. Software Review Requests (SRRs). The SCATE shall conduct VRIB SRRs, which consist of researching open source information to ensure that software proposed for use on any enterprise mission systems does not have any security concerns that cannot be mitigated. All requests are received via email from the SSRDB automated process. All responses shall be entered into the SSRDB database with sufficient detail to enable a user to use the information to approve and/or mitigate any identified security concerns. All reviews shall b

Keywords: RDR, Inc., Chantilly , Security Control Assessor Test Engineer (SCATE) Support-Intermed with Security Clearance, Other , Chantilly, Virginia

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Other Other Jobs


Travel Nurse - ICU RN - Leesburg, VA
Description: Travel ICU Registered Nurse RN br Earn 1,600- 1,700 weekly when you start your next travel opportunity with this great Registered Nurse RN position in Leesburg, VA. br Job Details br ul (more...)
Company: General Healthcare Resources - Travel Nursing
Location: Leesburg
Posted on: 11/13/2019

Clerk
Description: DescriptionMajor Duties and Responsibilities: ul li Responsible for gathering, sorting and prioritizing materials to be filed. li Responsible for adding new material to file records
Company: Orlans Group
Location: Leesburg
Posted on: 11/13/2019

CDL-A Owner Operator Truck Driver
Description: FLATBED CDL-A INDEPENDENT CONTRACTOR TRUCK DRIVER JOBS 8K Elite Bonus For Independent Contractors At Boyd Bros. At Boyd Bros., we are bound by values that reinforce
Company: Boyd Brothers Transportation
Location: Harrisonburg
Posted on: 11/13/2019


National OTR Dry Van Driving Job - Leesburg, VA
Description: Crete Carrier is seeking professional truck drivers to join their national over the road fleet. Home Time options include 12 and 21 days out. Apply today. Fleet Information Starting Pay: .48 to (more...)
Company: Crete Carrier Corporation
Location: Leesburg
Posted on: 11/13/2019

CDL-A DEDICATED COMPANY TRUCK DRIVERS & OWNER OPERATOR OPPORTUNITIES
Description: Choose U.S. Xpress for an EXTRA 12,000 in Your First Year - 1000 Paid Monthly - Available
Company: USXpress
Location: Charlottesville
Posted on: 11/13/2019

Teller- 20 hours- Airport Road
Description: Job Description br Important Note: If you are selected to move forward in the process, next steps for this job may include an on-line assessment and a video screen. Please make sure your profile includes (more...)
Company: Wells Fargo
Location: Charlottesville
Posted on: 11/13/2019

Registered Nurse Pre-Op
Description: SunIRef:Nurse:title Registered Nurse Pre-Op Inova Health System 1,068 reviews Leesburg, VA 20176 The Inova RN provides knowledgeable and caring clinical practice and care coordination through an understanding (more...)
Company: Inova Health System
Location: Leesburg
Posted on: 11/13/2019

Hardware Specialist II
Description: Employee Type: Full-Time Location: 2031 Deyerle Avenue Harrisonburg, VA Job Type: Marketing, Sales Experience: At least 5 year s Date Posted: 11/4/2019 Job Description Arconic NYSE: ARNC creates breakthrough (more...)
Company: Arconic
Location: Harrisonburg
Posted on: 11/13/2019

Get New Carpenter Work Today - Preview Leads In Your Area
Description: Over 25 million homeowners have trusted HomeAdvisor 1800Contractor to help them find quality professionals with the expertise to turn their home improvement
Company: HomeAdvisor
Location: Charlottesville
Posted on: 11/13/2019

National OTR Refrigerated Truck Driving Job - Leesburg, VA
Description: Shaffer Trucking is hiring professional truck drivers to join their national over the road fleet. Home time options include 12 and 21 days out. Apply today. Fleet Information Starting Pay: .51 to (more...)
Company: Crete Carrier Corporation
Location: Leesburg
Posted on: 11/13/2019

Log In or Create An Account

Get the latest Virginia jobs by following @recnetVA on Twitter!

Chantilly RSS job feeds