Information Assurance/Security Analyst II / Security Control Assessor
full-time • Hybrid • $130,000 - $135,000
Federal Prisons Industries maintains a defense-in-depth security environment that provides successive security controls as a person progresses through the security architecture. Federal Prisons Industries maintains firewalls, intrusion detection systems, managed security services, and anti-virus/anti-spyware on the desktop. Laptops are encrypted for protection of data, Web traffic is filtered, and security event/log management has been deployed. Federal Prisons Industries maintains a vulnerability management program that is used to perform multiple scans each month and operates a mature process for ensuring that identified vulnerabilities are analyzed, reported, and addressed.
A security controls assessor (SCA) evaluates the security controls within network systems to identify vulnerabilities and recommends actions to correct problems, working alone and as part of a team. Your duties begin with conducting an in-depth assessment of the management, operations, and technical security controls. You then document a plan to address vulnerabilities and continue to monitor the security of network systems.
Requirements
- Must have 2+ years of experience
- Hold at least one of the following certifications: CompTIA Security+, Certified Ethical Hacker (CEH), CompTIA Advanced Security Practitioner (CASP or CASP+), Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP).
- Must have a college degree in an IT-related field of study.
- Must be familiar with the Risk Management Framework (RMF) and the NIST 800-53 Rev 5 controls.
- Must have experience using CSAM or another RMF-approved system of record.
- Must analyze information and prepare reports describing the vulnerability level of the network with specific details as to what compromises data systems.
$130 - $135 a year
