The applicant will serve as an IT Security Assessor in support of the JS IV&V efforts using automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess security vulnerabilities and deficiencies of JS information systems to include enclaves, networks, applications, services, software, and Platform IT (PIT).
The successful candidate will coordinate with the appropriate JDIR ISO or PM to identify appropriate ISSM, ISSO, and other points of contact to obtain required artifacts for evidence, examination, and inspection before, during and post assessments. The applicant will conduct in-depth vulnerability assessments and asset information system auditing, review security controls and configurations, and validate if security objectives and goals are met, and, where applicable, review compliance requirements and best practices. In addition, the applicant will request a POA&M and vulnerability scan results/documentation and will review and request system owner inputs for unmitigated exploitable items. Finally, the applicant will produce Security Assessment Plans (SAPs), record findings during the assessment, and produce a Security Assessment Report (SAR) for the JS SCA.