Synergy ECP is a Service Disabled Veteran-Owned Small Business SD(VOSB) that was formed in July 2007 with Headquarters in Columbia, MD and is made up of talented, dedicated staff to provide a broad range of services to the defense, intelligence and health care industries.
In an ultra-competitive environment, Synergy ECP has thrived by adhering to our name, making sure excellence is displayed by our Employees, to our Customers and by Improving Performance (ECP).
It’s what sets us apart, enabling us to be an autonomous yet agile business that delivers huge results - showing we’re ready to meet our customers’ evolving demands.
Synergy ECP has earned a client list that includes numerous Fortune 100 companies, in addition to multiple branches of the US government and military services.
Synergy ECP is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, veteran status, or any other protected class.
Clearance Required: TS/SCI
Other Requirements: U.S. Citizenship
Senior Security Controls Assessor (SCA):
The primary role of personnel in this position will be assessing the overall security compliance of the client’s information systems. This will be accomplished through actively analyzing security functions for design
weaknesses and technical flaws, determining system vulnerabilities by performing vulnerability assessments, and conducting on-site evaluations.
A senior SCA should possess
The ability to think ‘out of the box’
Strong presentation, report writing and customer interface skills
Familiarity with various operations systems such as Microsoft Windows 2000/2003, NT4, XP, various versions of UNIX (AIX, Solaris, HPUX, etc), and Linux
Detailed knowledge of TCP/IP and other major protocols (i.e. NetBEUI, NETBIOS, IPX/SPX) and the inherent weaknesses of the protocols
Understanding of ‘hacking’ methodology concerning performing a vulnerability assessment
The ability to describe a system's avenues of compromise in a network environment and differentiate between various types of network attacks
An understanding of a typical secure topology and architecture for a site connected to the Internet (i.e. routers, firewalls, web servers)
Understanding of how to read and interpret a network diagram and identify possible security related concerns
The ability to keep a robust security skill set current and to work on multiple projects concurrently
Conducts verification and validation for security compliance of all information systems, products, and components
Analyzes design specifications, design documentation, configuration practices and procedures, and operational practices and procedures
Provides identification of non-compliance of security requirements and possible mitigations to requirements that are not in compliance
Conducts on-site evaluations
Validates the security requirements of the information system
Verifies and validates that the system meets the security requirements
Provides vulnerability assessment of the system
Coordinates penetration testing
Provides a comprehensive verification and validation report (certification report) for the information system
Provides process improvement recommendations
Assists the Government to draft standards and guidelines for usage
Twelve years of related work experience
A Bachelor’s Degree in Computer Science or IT Engineering may be substituted for four years of experience
Experience in security or system engineering in five or more areas, including: telecommunications concepts, operating systems, databases/DBMS, middleware, applications,
web-servers, SANS/Netaps, Active Directory, firewalls, and controlled interfaces