JOB DESCRIPTION:

This position requires office presence of a minimum of 5 days per week and is only located at customer’s site. No relocation is offered.
AT&T Global Public Sector is a trusted provider of secure, IP enabled, cloud-based, network solutions and professional services to the Federal Government. We are dedicated to recruiting, developing and empowering a diverse, high-performing workforce that is passionate about what they do, committed to our shared values and dedicated to our customers’ mission.
Our team supports the federal government leveraging the Enterprise Infrastructure Solutions (EIS) contract vehicle providing multiple and diverse solutions to streamline, simplify, reuse, rebuild, modernize, or enhance the government’s network. This includes professional services, design, engineering, system architecture, installation, monitoring, solutioning, etc. Our customers are widespread agencies in the public sector and intelligence communities.
AT&T has an opening for an Independent Accessor to support the Department of State in Washington, D.C. on a 10-year contract charged with performing independent Security Control Assessments (SCA) of all networks under the customers purview inclusive of Unclassified, Secret, & TS/SCI, etc.) The role is inclusive of reviews of all existing security system documentation, system security plans, current Plan of Action & Milestone (POA&M) and Contingency Plan (CP) while utilizing the automated scanning tools to ensure existing applicable policies and standards currently being used are within the Risk Management Framework (RMF) for National Security Systems. Candidate will be responsible for General Support Systems (GSS), major applications, minor applications, cross domain solutions and cloud instance. Expectations include not only maintaining but to improve, make professional recommendations to improve systems by ensuring confidentiality, integrity, and availability of the Bureau’s systems and network infrastructure.

REQUIRED QUALIFICATIONS:

• Education associate’s degree or years of relevant experience in lieu of a degree, minimum 5+ years, in a field such as Information Systems, Computer Science, Engineering, Management Information’s Systems or related technical field.
• 5+ years providing independent risk analysis, determining assessment criteria, and documented recommendations which became standard and/or actionable.
• Minimum 7+ years experience as a Security Control Assessor and/or related field
• Strong knowledge in statutory guidance such as NIST 800 series, CNSSI, ICD’S, ICS’s, RMF and Operation Vulcan Logic (OVL).
• Expert knowledge of Cyber Security best practices
• Expert experience with authoritative risk determinations and recommendations critical for the Authorizing Official (AO) to grant an Authority to Operation (ATO).
• Evidence of independent risk assessments of assigned systems and an authorization recommendation
• Current active security certification – Security +
• Other professional certifications a plus

DESIRED QUALIFICATIONS:

• Strong client focus
• Strong presentation skills
• Ability to proactively network and establish relationships
• Be able to work in an office environment with other contractors and balance those relationships
• Experience as a Security Control Accessor and/or related experiences performing System Security related documentation.
  Our Senior Security Control Accessor, Junior Tech’s earn between $89,200 - $215,000. Not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.

• Maintain the current systems while assessing areas of immediate improvement, short-term improvement, and long-term improvement.
• Must go beyond a mere compliance focus on controls to articulate the inherent risks of systems
• Use XACTA or other methods deemed viable
• Perform on-going/constant compliance and vulnerability scanning
• Generate & articulate presentable findings for all levels of management, inclusive of Senior Government Officials and/or stakeholders
• Maintain staffing strategy and approach providing the government with appropriately cleared IT security professionals where needed in SCA’s functions
• Manage and maintain all systems which shall comply with Intelligence Community Directives (ICDs) and Standards (ICS), DOD and DOS compliance.
• Create, maintain and provide a project plan to ensure a repeatable process for assessing systems and delivering standardized deliverable documentation
• Must operate in a manner consistent with the Committee on National Security Systems (CNSSI) Instruction 1254, Risk Management Framework Documentation, Data Element Standards, and Reciprocity Process for National Security Systems (NSS), dated 8/31/2016 and ensure compliance with all appropriate Intelligence Community; National Institute of Standards and Technology (NIST); and Department of State policies, directives, and guidelines to include Intelligence Community Directives (ICD) and Standards (ICS).
• Make recommendations regarding opportunities to enhance the security posture of all Department systems.
• Ensure security is thoroughly incorporated into requirements, design, implementation, deployment, and operations and maintenance (O&M) of the agencies boundary and associated information system components.
• Provide kick off meetings, using power point, create timelines, define actions being performed and make assignments.
• Validate security controls to assure compliance
• Serve as security knowledge expert as it pertains to confidentiality, integrity, and availability
• Conduct evaluations, verification and analysis review of COTS/GOTS hardware/software for security flaws
• Perform all applicable Compliance scans using the most current DOD Security Technical Implementation Guides (STIGs) and generate a clear concise report.
• Perform all applicable Vulnerability Scans and generate a usable, clear, and concise report which could be used for senior level government management
• Maintain and advanced familiarity with applicable STIGs, industry best practices and/or vendor specific practices for ensuring secure configurations – stay up to date with new technologies, including educating and briefing on new technological advancements.
• Support testing environments well ahead of schedule for new technologies to be on the latest innovations with forward thinking and strategic future proofing.
• Assist in the development a Security Assessment Report (SAR) to be presented to Senior Leadership and Stakeholders – providing information on potential risks and solutions well in advance to assist with budgetary planning and implementation planning or testing.
• Assist with Weekly Status Report (WAR)
• Transition plan creation, submission, and performance
• Comprehensive understanding of Cyber Security posture of the bureau
• Maintain billable hours, provide burn rate reports, adhere to schedules
• Monitor POAM actions based on findings and reassess remediated risk(s) as appropriate
• Manage multiple priorities in a high-paced and fast-changing environment