Company Information: Synergy ECP is a Service Disabled Veteran-Owned Small Business (SD(VOSB)) that was formed in July 2007 with Headquarters in Columbia, MD and is made up of talented, dedicated staff to provide a broad range of services to the defense, intelligence, and health care industries. In an ultra-competitive environment, Synergy ECP has thrived by adhering to our name, making sure excellence is displayed by our Employees, to our Customers and by Improving Performance (ECP). It's what sets us apart, enabling us to be an autonomous yet agile business that delivers huge results - showing we're ready to meet our customers' evolving demands. Synergy ECP has earned a client list that includes numerous Fortune 100 companies, in addition to multiple branches of the US government and military services. Synergy ECP is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, veteran status, or any other protected class. Clearance Required: TS/SCI Other Requirements: U.S. Citizenship Senior Security Controls Assessor (SCA): The primary role of personnel in this position will be assessing the overall security compliance of the client's information systems. This will be accomplished through actively analyzing security functions for design weaknesses and technical flaws, determining system vulnerabilities by performing vulnerability assessments, and conducting on-site evaluations. A senior SCA should possess: The ability to think 'out of the box' Strong presentation, report writing and customer interface skills Familiarity with various operations systems such as Microsoft Windows 2000/2003, NT4, XP, various versions of UNIX (AIX, Solaris, HPUX, etc), and Linux Detailed knowledge of TCP/IP and other major protocols (i.e. NetBEUI, NETBIOS, IPX/SPX) and the inherent weaknesses of the protocols Understanding of 'hacking' methodology concerning performing a vulnerability assessment The ability to describe a system's avenues of compromise in a network environment and differentiate between various types of network attacks An understanding of a typical secure topology and architecture for a site connected to the Internet (i.e. routers, firewalls, web servers) Understanding of how to read and interpret a network diagram and identify possible security related concerns The ability to keep a robust security skill set current and to work on multiple projects concurrently FUNCTIONS: Conducts verification and validation for security compliance of all information systems, products, and components Analyzes design specifications, design documentation, configuration practices and procedures, and operational practices and procedures Provides identification of non-compliance of security requirements and possible mitigations to requirements that are not in compliance Conducts on-site evaluations Validates the security requirements of the information system Verifies and validates that the system meets the security requirements Provides vulnerability assessment of the system Coordinates penetration testing Provides a comprehensive verification and validation report (certification report) for the information system Provides process improvement recommendations Assists the Government to draft standards and guidelines for usage POSITION REQUIREMENTS: Twelve years of related work experience A Bachelor's Degree in Computer Science or IT Engineering may be substituted for four years of experience Experience in security or system engineering in five or more areas, including: telecommunications concepts, operating systems, databases/DBMS, middleware, applications, web-servers, SANS/Netaps, Active Directory, firewalls, and controlled interfaces DoD 8570-1M Change 2 certification #J-18808-Ljbffr
