The Sr. SCA will assess the overall security compliance of the client's information systems by actively analyzing security functions for design weaknesses and technical flaws, determining system vulnerabilities by performing vulnerability assessments, and conducting on-site evaluations.
- Experience with system testing methodologies (including but not limited to penetration testing, configuration analysis, and security best-practices validation), as well as experience with a variety of security testing and penetration testing tool sets, including ACAS/Nessus (Security Center & Nessus Vulnerability Scanner)
- Provide recommendations concerning safeguarding of information systems and will conduct a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls.
- Analyze design specifications, design documentation, configuration practices and procedures, and operational practices and procedures
- Identify non-compliance with security requirements and propose possible mitigations for requirements that are not in compliance
B.S. degree & 12 years of experience
DoD 8570 IAT / IAM Level III Certification: (CASP CE, CCNP Security, CISA, CISSP [or Associate], GCED, GCIH, CISM, or GSLC)
All candidates are required to possess an active government clearance
- Familiarity with Xacta, LatteArt, and general knowledge of the RMF life cycle.
- Experience using vulnerability scanners such as Security Center and Nessus.
- Strong understanding of NIST SP 800-53 controls and experience with DISA STIGs
- Familiarity with various operating systems such as Microsoft Windows, various versions of UNIX (AIX, Solaris, HP-UX, etc.), and Linux
- Ability to understand and interpret security policies
- Strong presentation, report writing and customer interface skills
- Familiarity with developing Nessus audit files.
- Familiarity with executing and writing SCAP content
- Detailed knowledge of TCP/IP and other major protocols (e.g. NetBEUI, NetBIOS, IPX/SPX) and the inherent weaknesses of those protocols
- Understanding of 'hacking' methodology as it applies to performing a vulnerability assessment
- Ability to describe a system's avenues of compromise in a network environment and differentiate between various types of network attacks
- An understanding of a typical secure topology and architecture for a site connected to the Internet (e.g. routers, firewalls, web servers)