Security Control Assessor Senior in San Antonio, TX at Galapagos, LLC

Date Posted: 11/20/2019

Job Description

Galapagos is looking for a Senior Cyber Security Professional with extensive experience certifying information systems, policy development, management of a Cyber Security program, and a working knowledge of Cyber Security policies, directives, and instructions used within the Intelligence and DoD communities. The SCA is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an Information System (IS) to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). SCAs also provide an assessment of the severity of weaknesses or deficiencies discovered in the IS and its environment of operation and recommend corrective actions to address identified vulnerabilities.

Essential Duties and Responsibilities:

  • Demonstrate subject matter expertise with the RMF processes, policies, and methodologies and apply it to meet the government’s security needs.
  • Develop and review Security Assessment Report (SAR), Risk Assessment Report (RAR), System Security Plan (SSP), Plan of Action and Milestones (POA&M), Security Control Traceability Matrix (SCTM) and Cross Domain Solutions (CDS) rule sets.
  • Must have extensive experience in conducting security testing including actual experience as a Test Director with responsibility for recommending accreditation decisions.
  • Must be proficient in the use of Visio or other drawing software and have extensive experience in the generation of functional, logical, and physical diagrams, from high-level depictions to extremely detailed diagrams of networks and site information technology architectures.
  • Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).
  • Knowledge of host/network access controls (e.g., access control list).
  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusion via intrusion detection technologies.
  • Knowledge of network protocols (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]) and directory services (e.g., Domain Name System [DNS]).
  • Knowledge of penetration testing principles, tools, and techniques.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Provide situational awareness to the customer on all accredited and pending accreditation systems.
  • Applies knowledge of Information Assurance Vulnerability Alerts (IAVAs).
  • Applies experience with compliance and vulnerability scanning tools (Nessus, McAfee ePO).
  • Conducts comprehensive security control assessments levied against a system and documents the results, including recommendations for correcting any weaknesses or deficiencies in the controls.
  • Conducts comprehensive reviews of security authorization documents to ensure the appropriate security guidelines were used during the assessments and the selections of security controls are relevant to the confidentiality, integrity, and availability of the system.
  • Performs security control assessments on cloud-based systems (i.e., AWS).

Job Requirements


To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The requirements listed below are representative of the knowledge, skill and ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • 8+ years of experience using different Information Assurance (IA) disciplines
  • Minimum of a Bachelor’s degree from an accredited college or university in Engineering, Cybersecurity, Computer Science, or related discipline preferred. Relevant work experience and training may be considered in lieu of a degree, as in the Office of Personnel Management’s (OPM) Crediting Combinations of Education and Experience standard
  • Knowledge of Windows, Solaris, and UNIX-based operating systems
  • Active TS/SCI government clearance or SCI eligible
  • MUST meet DoD 8570 IAT Level II requirements (Security+ CE, CCNA-Security, SSCP, GSEC)
  • IAM Level III Certifications (CISSP, CISM, or GSLC) preferred
  • Experience with RMF, CNSSI 1253, NIST SP 800-53, ICD 503
  • Experience with Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker (SCC)

Physical Requirements:

Work may involve sitting or standing for extended periods of time. Position may require typing and reading from a computer screen. Must have enough mobility, including but not limited to bending, reaching, and kneeling, to complete daily duties in a timely and efficient manner. May include lifting weight up to thirty (30) pounds as necessary.

Security Clearance:

Position requires a Top-Secret/SCI clearance

Company Summary:

Headquartered in Hawaii, Galapagos, LLC is an SBA Certified NHO 8(a) Small Business specializing in global information technology and offering professional solutions in IT Design & Installation, Cybersecurity Engineering & Support, Application Integration & Development, Software & Hardware Engineering, Network & Systems Management, Information Systems Security, and Business Management Services.

Leveraging over 30 years of providing IT services to the federal & commercial market with projects located around the world, our team possesses innovative expertise in the development of a wide range of technology solutions.  Galapagos, LLC is an equal opportunity employer.

Our service commitment is simple - "Quality IT Solutions... On Time & On Budget."

Galapagos, LLC reserves the right to change or modify job duties and assignments at any time. The above job description is not all-encompassing. Position functions and qualifications may vary depending on business needs.

Galapagos, LLC is an equal opportunity employer and does not discriminate against applicants based on race, color, creed, religion, medical condition, legally protected genetic information, national origin, sex (including pregnancy, childbirth or related medical condition), sexual orientation, gender identity and expression, age, disability, or Vietnam era, or other eligible veteran status or legally protected characteristics.