
Technical Lead SCA

at SkyePoint Decisions

Gunnison, CO

Company Overview

 

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider headquartered in Dulles, Virginia with operations across the U.S. We provide innovative enterprise-wide solutions as well as targeted services addressing the complex challenges faced by our federal government clients. Our focus is on enabling our clients to deliver their mission most efficiently and effectively – anytime, anywhere, securely. We combine technical expertise, mission awareness, and an empowered workforce to produce meaningful results.

 

Join the SkyePoint team and become part of a highly skilled, professional workforce dedicated to delivering mission-critical solutions. Our exceptional technical experts provide innovative services and solutions to federal agencies, making a meaningful impact every day. At SkyePoint, we value top talent and foster an environment where your ideas and contributions truly matter. Be part of a team that values excellence and rewards innovation—your future starts here!


 

This is a contingent position based upon customer approval. 

Position Details and Responsibilities

SkyePoint Decisions is seeking a highly motivated team member to fill the role of Lead Technical SCA to join our team supporting the Department of Education’s (DoED) Federal Student Aid (FSA) team.

 

This is a remote position. 

 

Responsibilities:

  • Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
  • Conduct a comprehensive assessment of implemented controls and control enhancements to determine the effectiveness of the controls, i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for the system and the organization.
  • Schedule and lead system assessment out-briefs with different stakeholders and provide the SAP, SAR, security recommendations, and system certifications.
  • Prepare security, privacy, and supply chain assessment reports containing the results and findings from the assessment.
  • Provide an assessment of the severity of the deficiencies discovered in the system, environment of operation, and common controls and recommend corrective actions to address the identified vulnerabilities.
  • Complete and execute a Security Controls Test (SCT) plan that outlines all the assessment activities, including but not limited to: the required vulnerability scanning activities; penetration testing consistent with DHS RVA standards, guidelines, and templates; coordination of requirements; the scope of the controls and special interest items to be assessed; the final analysis report and briefing to the CISO; support for the Authorizing Official (AO) briefing; a summary of the findings; the detailed findings; and the POA&M injection template.
  • Create or update a 3-year Ongoing Authorization test plan for each system that includes the most recent versions of NIST SP 800-53 control tests and any additional tests the Department requires to be included for Ongoing Authorization. A subset of the controls will be tested or assessed each quarter so that all controls will be tested or assessed at least once during a three-year period.
  • Complete and maintain an Ongoing Authorization master project schedule by using NIST assessment methods and approved Ongoing Authorization procedures.
  • Create or update program management documentation that includes rules of engagement, schedules, annual document reviews, and the process for POA&M and accepted risk reviews.
  • Ensure that appropriate vulnerability and penetration tests are scheduled, conducted, analyzed, and presented to the system owner and information systems security officer (ISSO).
  • Meet with the system ISSO(s) [as needed], systems contractors, and the POA&M Team to develop mitigation strategies and identify acceptable evidence criteria to close deficiencies. For all security deficiencies found during a test cycle, populate the FSA vulnerability tracking tool injection template for each system, ensuring appropriate content is included in all required fields.
  • Review and provide advice based on analysis for Third Party Website and Applications (TPWA).
  • Review and analyze all system artifacts for accuracy and completeness in support of authorization to operate (ATO) requests.
  • Create and submit to the CISO a monthly Ongoing Authorization report that itemizes and describes the Ongoing Authorization scheduled assessment activities (controls, scans, etc.), Production Readiness Reviews (PRRs), scorecards, audits, CM, other tests completed during the past month, and any residual risks added.
  • Provide a risk rating based on the risk profiles of all systems in the Ongoing Authorization program, identify trends, and provide recommendations for improving security across the enterprise. This report shall provide sufficient granularity.

Qualifications

Required Qualifications:

  • Must be able to obtain a DoED Level 6 High Risk/Public Trust Security Clearance.
  • Bachelor’s degree or equivalent and at least ten (10) years related experience. Over ten (10) years’ experience is preferred.
  • At least five (5) years of experience as a Security Controls Assessor or similar audit findings response role.
  • Excellent communication and interpersonal skills.
  • Solid understanding of DoED Information Assurance policy.
  • Experience with security audits and compliance.
  • Experience with IT Review Board change requests.
  • Ensure compliance with DoED Standards and procedures.
  • Good familiarity with and understanding of all relevant government and agency policies and procedures to ensure system documentation is in compliance with relevant guidelines, e.g., FedRAMP, RMF, FISMA, FIPS-II, NIST, etc.
  • Must be a U.S. citizen.

Preferred Qualifications:

  • Certified in Risk and Information Systems Control (CRISC), Certified Authorization Professional (CAP), or equivalent certification.

 

What We Can Offer You:

  • At SkyePoint, we go B.I.G. (beginning in GRATITUDE) by recognizing all we have and giving back to our employees, families, and communities. It instills a positive mindset that permeates all we do. By beginning in gratitude, SkyePoint can continue to spread living in gratitude each day.
  • Great Benefits: Several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs], Flex Spending Accounts [FSAs], Full Dental Plans, ST/LT Disability, Life Insurance, floating federal holiday options, and 401k matched
  • Certificate Incentive Program: To promote professional development, we recognize and reward employees who obtain new certifications aligned with business needs.
  • SkyePoint DoD SkillBridge Industry Partner Fellowship Program
  • Flexible Work Environment

Compensation:

Salary Range: $120,000-$130,000

The SkyePoint Decisions salary range for this position is a general guideline only. It represents an estimated range for this position and is just one piece of our total compensation package. 

Salary at SkyePoint is determined by various factors, including but not limited to location, work schedule, the candidate’s combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability, market data and business considerations.

 

In addition to a competitive salary, SkyePoint offers benefits including a certification incentive program, PTO, floating federal holiday options, several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs], Flex Spending Accounts [FSAs], Full Dental Plans, Vision, ST/LT Disability, Life Insurance, and 401k matched.

 

SkyePoint Decisions is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 for Services and Development. We possess a common vision of excellence and foster a collaborative team culture built upon individual performance and accountability. We invest in our people and systems to create value for our clients. It is the SkyePoint Way. We are grateful for the opportunity to work with exceptional people and give back to the communities we serve. Our employees value the flexibility at SkyePoint that allows them to balance quality work and their personal lives.

Please be aware of recruiting scams and people claiming to be from SkyePoint Decisions. For more information, please see the Welcome Page of our Careers site.

SkyePoint Decisions is a participating E-Verify Employer.

U.S. Citizenship is required for most positions.

Equal Opportunity Employer/Veterans/Disabled.

Client-provided location(s): United States
Job ID: 35192916
Employment Type: Other