Position Description
If you love high profile and challenging projects supporting the Missile Defense Agency (MDA) Security Control Assessors (SCA) , Serco has a great opportunity for you! As a Cyber Risk Assessment Engineer you will be supporting the MDA through all phases of Cybersecurity Risk Assessment for our customer. Bring your expertise and collaborative skills to make an impact towards your career and join our team onsite in Huntsville, AL.
Cybersecurity Risk Assessment (CRA) Engineers support the Missile Defense Agency (MDA) Security Control Assessors (SCA) within the Independent Verification and Validation (IV&V) team by performing comprehensive and thorough risk assessments for the MDA. The Risk Assessment process evaluates data from many sources to provide a holistic assessment that enables the Authorizing Official (AO) to make an authorization decision. This process takes vulnerabilities associated with non-compliant RMF controls and evaluates their risk to the mission and the agency to arrive at a residual risk.
JOB RESPONSIBILITIES:
Perform risk assessments on packages submitted from the Information System Security Manager (ISSM) in Enterprise Mission Assurance Support Service (eMASS)
Perform risk assessment activities for evaluating System Security Plans (SSP), Interim Authorization To Test (IATTs), Authorization to Operate (ATO), and Authorization to Connect (ATC)
Execute and document risk assessments, including interacting directly with the SCAs and the ISSMs and their Cybersecurity support staff and supporting ATO signing sessions
Qualifications
To be successful in this role, you will have:
Active DoD Secret security clearance
Certified Information Systems Security Professional (CISSP) or IASAE Level II equivalent (per DoD 8570.01-M)
Demonstrated knowledge of DoD Implementation of National Institute of Standards and Technology's (NIST) Risk Management Framework (RMF) and specifically NIST 800-53 RMF Security Control Catalog
Capable of leading and executing Risk Assessment efforts
Capable of analyzing technical, administrative, and policy based vulnerabilities and aligning them to NIST 800-53 security controls
Candidate must provide organized architectural and engineering recommendations to reduce the overall residual risk
Working knowledge and familiarity of:
o DoD Cybersecurity Test & Evaluation Guidebook
o Main Phases of Defense Acquisition System & Life-cycle
o Program Protection (PP)/System Security Engineering (SSE)
o DoD Implementation of NIST RMF Process
o Supply Chain Risk Management (SCRM) Concepts
o Software Assurance (SwA) Concepts
Company Overview
Serco Inc. (Serco) is the Americas division of Serco Group, plc. Serco serves every branch of the U.S. military, numerous U.S. Federal civilian agencies, the Intelligence Community, the Canadian government, state and local governments, and commercial clients. We help our clients deliver vital services more efficiently while increasing the satisfaction of their end customers. Headquartered in Herndon, Virginia, Serco Americas has over 9,000 employees and is part of a $4 billion global business that helps transform government and public services around the world. At Serco, our employees are our most valuable asset - we listen, respect and support them throughout their career at Serco. We invite you to become part of our dynamic team. Serco is an equal opportunity employer committed to diversifying our workforce (Race/ Color/ Sex/ Sexual Orientation/ Gender Identity/ Religion/ National Origin/ Disability/ Vets).
To review Serco benefits please visit: https://www.serco.com/na/careers/benefits-of-choosing-serco .
If you require an accommodation with the application process please email: careers@serco-na.com or call the HR Service Desk at 800-628-6458, option 1. Please note, due to EEOC/OFCCP compliance, Serco is unable to accept resumes by email.
Serco does not accept unsolicited resumes through or from search firms or staffing agencies without being a contracted approved vendor. All unsolicited resumes will be considered the property of Serco and will not be obligated to pay a placement or contract fee. If you are interested in becoming an approved vendor at Serco, please email Agencies@serco-na.com .
COVID-19 Regulations: Serco complies with all applicable COVID-19 requirements. This may require employees to be vaccinated against COVID-19, provide attestations regarding vaccination status and/or COVID-19 testing, or satisfy other conditions of employment that Serco deems appropriate, and employees may be required to show proof of vaccination and/or negative COVID-19 test results as a condition of employment (except in limited circumstances where an employee is legally entitled to an accommodation).
Click here to apply now (https://careers-sercona.icims.com/jobs/53381/cybersecurity-risk-assessment-%28cra%29-engineer/job?mode=apply&apply=yes&in_iframe=1&hashed=-1834477830)
Refer a friend for this job
New to Serco?
Join our Talent Community! (https://talent.serco-na.com/talentcommunity/signup)
ID 53381
Recruiting Location : Location US-AL-Huntsville
Category Information Security/Cyber
Position Type Full-Time
Security Clearance Secret
Telework No - Teleworking not available for this position
Campaign LPWBB
