Principal Security Control Assessor

Description

SAIC is seeking a Principal Security Control Assessor that will possess a thorough understanding in a wide range of security tools, techniques and procedures, including the following efforts:

• Identifies cybersecurity vulnerabilities in DOD’s NC3 systems and networking assets; determines mission risk and consults with and develops technical recommendations for CC/S/A owners on measures for mitigating cybersecurity risks ensuring delivery of a viable and robust NC3 cybersecurity posture.
• Reviews and evaluates NC3 security reports for cybersecurity issues; develops new methods and techniques to ensure actions are taken to correct and/or mitigate issues on DoD NC3 systems.
• Provides NC3 systems cybersecurity briefings, analysis, and recommendations for implementation to senior leaders as required. 
• Analyze NC3 system cybersecurity assessments and findings, de-conflict, and normalize recommendations to senior leaders based upon assessment activities and results sought from varied venues. Provide summary of assessments within 2 days, highlighting newly identified vulnerabilities.
• Drafts, coordinates, and presents mission risk to NC3 missions IAW DoDI 8510.01. Assessments and products will be completed IAW SI 311-02 and will normally be technically accurate and include the most current information available.
• Researches, interprets, and analyzes broad guidance from Chairman Joint Chiefs of Staff (CJCS), Department of Defense (DOD), and other national regulations, policies, and guidelines
• Integrate changing DOD cybersecurity policies and USSTRATCOM NC3 initiatives through updates to Strategic Instructions, input on routine document reviews, and maintaining published guidance to the NC3 community.
• Conduct formal coordination via JSAP (and other methods) for event driven NC3 cybersecurity community tasking’s and follow SI 901-02 for coordination and memorandums requiring flag-level signature.
• Maintain USSTRATCOM policies, procedures, methodologies, and the analytical framework to support accomplishment of cybersecurity information system and mission risk assessments for NC3 systems/missions. 
• Researches, analyzes and understands the interrelationships between systems within a functional mission area. 
• Develops/updates/maintains the analytical framework and methodologies based on higher level guidance to assess mission risk within a functional mission area based on system level impacts.
• Establishes, develops, and maintains effective working relationships and partnerships with Combatant Commands, Services, and Agencies to promote NC3 cybersecurity efforts and USSTRATCOM's NC3 cybersecurity vision.
• Participates in special projects and initiatives and performs special assignments. Identifies the need for special projects and identifies milestones and goals. 
• Develops agendas, decision topics, obtains briefings and information papers for meetings.
• Ensures accurate documentation of meeting action items and minutes for Senior Staff review. 

Qualifications

TYPICAL EDUCATION AND EXPERIENCE: Bachelors and nine (9) years or more experience; Masters and seven (7) years or more experience ; PhD or JD and four (4) years or more experience or 13 years of experience in lieu of degree

Clearance required to start: Top Secret/SCI or DoE Q Must be a US citizen required certification compliance:

Three-year’ experience working with the DOD cybersecurity major driving policies- DoD 8510.01 (RMF), DoDI 8500 series (Cybersecurity), and CNSSI 1253

Experience in RMF process across the Navy, Air Force, Space Force, and Intelligence cybersecurity communities

Experience creating Plan of Action & Milestones to meet RMF controls, familiarity with eMASS tool, reviewing security artifacts, etc. ,

Three-year’ experience as Cybersecurity Analyst on DOD projects and/or systems of similar scope.

 

DoD-M 8570.1-M certified at all times, with new hires taking no more than 6 months to obtain the relevant certification

 

Desired Qualifications

 

One year of experience working with SharePoint and website management, Microsoft Excel experience

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.