Security Control Assessor

Visit our website at to apply! SUMMARY Bering Global Solutions, LLC, a subsidiary of Bering Straits Native Corporation is currently seeking a qualified Security Control Assessor, Lead for a government client in Washington, DC. The selected individual will guide system owners, designated IT security personnel in the program offices, and other staff in fulfilling Federal Information Security Management Act (FISMA) requirements. The Security Control Assessor, Lead works to analyze, plan, and execute the work necessary to ensure the confidentiality, integrity and availability of the federal client's IT systems, network, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures and tools. QUALIFICATIONS - EXPERIENCE, EDUCATION AND CERTIFICATION To perform this job successfully, an individual must be able to satisfactorily perform each essential duty. The requirements listed below are representative of the knowledge, skill andor ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Required (Minimum) Qualifications - Basic-level understanding of basic computer and networking technologies: - TCPIP stack - Windows operating systems - LinuxUnix-based operating systems - Networking technologies (routing, switching, VLANs, subnets, firewalls) - Common networking protocols - SSH, SMB, SMTP, FTPSFTP, HTTPHTTPS, DNS, etc... - Common enterprise technologies - Active Directory, Group Policy, VMware vSphere - Moderate-level understanding of IT security principles, technologies, best practices, and NIST guidance - Logical Access Control - PKI and other encryption method - DISA STIG Security configuration baselines - Auditing - Vulnerability discovery and management - NIST SP 800-53 rev. 4 control - Must be Certified Information Systems Security Professional (CISSP) Certified - Excellent communications skills. Ability to communicate with senior management and federal client staff - both technical and non-technical - in a clear and concise manner using proper spelling, punctuation and grammar. - Mastery of federal IT security laws such as the Federal Information Security Management Act (FISMA), policies, regulations, requirements, Executive Orders and Presidential Decision Directives such as EO 13556, HSPD12, OMB Memos M-06-16, and M-07-16; NIST 800 series, the federal IT security and incident reporting hierarchy. - Knowledge and experience in categorizing systems per current NIST guidelines, defining system boundaries and identifying minimum and supplementary security controls to protect sensitive and critical IT systems. - Knowledge and experience with the Risk Management Framework (RMF), Assessment and Authorization (A&A), SSP Development, and conducting audits of security controls. - Knowledge and experience protecting the confidentiality, integrity and available of sensitive and critical information systems - Knowledge and experience performing network security vulnerability assessments. - Knowledge and experience with all areas of the System Development Lifecycle (SDLC) of IT systems. Knowledge, Skills and Abilities - Basic-level understanding of common computer and networking technologies: - TCPIP stack - Windows operating systems - LinuxUnix-based operating systems - Networking technologies (routing, switching, VLANs, subnets, firewalls) - Common networking protocols - SSH, SMB, SMTP, FTPSFTP, HTTPHTTPS, DNS, etc... - Common enterprise technologies - Active Directory, Group Policy, VMware vSphere - Interest in securityhacking culture. Ability to "think like an attacker" - Certifications of interest: - Security+ - Certified Authorization Professional (CAP) - Project Management Professional (PMP) - Microsoft Certified Solutions Associate (MCSA) - Red Hat Certified System Administrator (RHCSA) Preferred - Technical background - Experience working as any of the following: - Software application developer - System administrator - Network engineer - IT Helpdesk Tier II or above - Bachelor's Degree or higher in information technology or information security-related field - Interest in securityhacking culture. Ability to "think like an attacker" - Certifications of interest: - Security+ - CISSP - Certified Authorization Professional (CAP) - Microsoft Certified Solutions Associate (MCSA) - Red Hat Certified System Administrator (RHCSA) NECESSARY PHYSICAL REQUIREMENTS The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Employees must always maintain a constant state of mental alertness. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Essential and marginal functions may require maintaining physical condition necessary for bending, stooping, sitting, walking or standing for prolonged periods of time; most of time is spent sitting in a comfortable position with frequent opportunity to move about. DOT COVEREDSAFETY-SENSITIVE ROLE REQUIREMENTS - This position is not subject to federal requirements regarding Department of Transportation "safety-sensitive" functions. WORK ENVIRONMENT Work Environment characteristics described here are representative of those that must be borne by an employee to successfully perform the essential functions of this job. Job is performed in an office setting with exposure to computer screens and requires extensive use of a computer, keyboard, mouse and multi-line telephone system. The work described herein is primarily a modern office setting. Occasional travel may be required. SUPERVISORY RESPONSIBILITIES - No supervisory responsibilities. ADDITIONAL QUALIFYING FACTORS Public Trust or the ability to obtain and maintain a Public Trust clearance. (Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Accordingly, U.S. Citizenship is required.) Shareholder Preference BSNC gives hiring, promotion, training, and retention preference to BSNC shareholders, shareholder descendants and shareholder spouses who meet the minimum qualifications for the job. Bering Straits Native Corporation is an equal opportunity employer. All applicants will receive consideration for employment, without regard to race, color, religion, creed, national origin, gender, or gender-identity, age, marital status, sexual orientation, veteran status, disability, pregnancy or parental status, or any other basis prohibited by law. Equal Opportunity EmployerVeteransDisabled We participate in the E-Verify Employment Verification Program. We are a drug free workplace. Visit our website at for more details and to apply. #CB ESSENTIAL DUTIES & RESPONSIBILITIES The Essential Duties and Responsibilities are intended to present a descriptive list of the range of duties performed for this position and are not intended to reflect all duties performed within the job. Other duties may be assigned. - Plan, develop, review and maintain baselines for client's information system to such as, System Security Plans, Software & Hardware Boundaries Documents and Diagrams, Control Implementation Matrix, Inheritance and Overlay Memos, Security Assessment and Authorization artifacts and ATO packages. - Lead and facilitate meetings with system owners, executive management, staff, and contract partners and technical personnel to provide IT security guidance, define system boundaries, and establish and maintain information security standards and procedures in compliance with information security and risk management policies, standards, and guidelines. - Plan, develop, and conduct vulnerability and compliance scans, contingency plan testing, and risk assessment on client's information systems. A Equal Opportunity EmployerProtected VeteransIndividuals with Disabilities The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

Created: 2025-02-23