Raytheon Technologies Contractor Security Control Assessor (CSCA) - Tewksbury or Andover in Andover, Massachusetts
At Raytheon Missiles & Defense, you have the opportunity to try new things and make a bigger difference across a broader end-to-end solution, a richer technology and product set, an expanded range of disciplines, a growing global footprint and a more diverse team of colleagues and customers.
Our Cybersecurity team is presently seeking a Contractor Security Control Assessor to join the team in either Tewksbury or Andover, MA . Capped relocation support is available, see below for further details regarding what we offer.
The Contractor Security Control Assessor (CSCA, pronounced see-skah) is responsible for compliance oversight, assessment and operations of systems under their purview. They may be assigned to a single large-scale program or oversee multiple programs.
CSCAs conduct recurring Cybersecurity reviews on information systems in accordance with the National Industrial Security Program Operating Manual (NISPOM), DoD Special Access Program (SAP) Security Manuals, Risk Management Framework (RMF), Intelligence Community Directive (ICD-503), Joint Special Access Program (SAP) Implementation Guide (JSIG), Defense Counter-Intelligence Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM), associated National Institute of Standards and Technology (NIST), customer directives and company policies as applicable.
You may be assigned as independent Cybersecurity assessors as part of the GSS Self-Inspection Team as determined by the MA Cybersecurity Leads. CSCAs are responsible for the execution of the RMD Continuous Monitoring Plan as required by CA-2 Security Assessments. CSCAs serve as subject matter experts (SME) on a broad range of Cybersecurity topics in support of program milestones and objectives. You will engage directly with cognizant security agency SCA/ISSP on Cybersecurity requirements and approvals. You may represent the Cybersecurity organization and business unit to external Cybersecurity counterparts. You are responsible for providing guidance and technical training to ISSOs across the organization. CSCAs are required to maintain IAM Level I certification commensurate with their role as required by DoDD 8140 (8570).
Responsibilities to Anticipate:
Reviewing and approving (within authority) configuration management requests
Conducting technical (e.g., wireless/cellular scans) and administrative assessments per system SCTM & RMD Continuous Monitoring Plan
Integrating new Cybersecurity processes, procedures and tools into existing Programs as directed by Cybersecurity Leadership
Providing quality control for Cybersecurity documentation (i.e., SSP, SCTM, CONOPs, Test Plans) prior to being submitted to ISSM and/or Customer
Assists the Cybersecurity Manager and the Cybersecurity Training Team with conducting technical training and administrative processes
Serves as a backup ISSO in the event an ISSO is not available
Support ISSOs and Cybersecurity Managers in the creation, review and update of SSPs, SCTMs, CCIs, RALs, POAMs, and other technical writing
Create and deliver training for system security education and awareness
Support and deliver data call collections and metrics
Oversee ISSO’s to ensure implementation of policies and procedures as outlined within the SSP
Field questions and act as the SME for the Information Systems
Qualifications You Must Have:
Bachelor's Degree in either Computer Science, Information Systems Management, Information Technology, Criminal Justice, STEM, or Business. Other degrees may be considered. In lieu of a degree, you must have 14 years of cyber / systems security experience PLUS the following:
An advanced degree in a related field may be substituted for 2 additional years of experience.
Currently possess DoD 8570.01-M IAM level I certified credentials (CompTIA Security+, etc.)
Five (5) years’ experience with any combination of the following: cybersecurity, network security architecture, system hardening, auditing/compliance methods, and/or systems security engineering concepts such as topology, protocols, components, and/or principles (e.g., application of defense-in-depth).
Experience with documentation and tools such as any of the following: DoD Manuals 8500 series, NIST Special Publications (800-53, 800-37, etc.) SNAC Guides, Nessus, SCAP, ACAS, etc. and/or JAFAN, DCID, JSIG, DAAPM, NISPOM, ICD-503
An active and in-scope Secret US security clearance
Qualifications We Value:
Experience in the execution of the Certification & Authorization processes, as defined within the Risk Managed Framework (RMF)
Experience providing technical security consultation for complex, cross-domain, heterogeneous classified networked environments in collaboration with internal/external Customers, Information Technology (IT)
What We Offer:
Whether you’re just starting out on your career journey or are an experienced professional, we offer a robust total rewards package that goes above and beyond with compensation; healthcare, wellness, retirement and work/life benefits; career development and recognition programs. Some of the superior benefits we offer include parental (including paternal) leave, flexible work schedules, achievement awards, educational assistance and child/adult backup care.
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.