Security Controls Assessor – Hybrid

Role Overview

• Perform security reviews, identify gaps in security architecture, and develop a Security Assessment Plan and Security Assessment Report.
• Utilize the examine, interview, and test methodology to determine if control implementation meets Federal and Agency requirements.
• Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
• Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
• Provide weekly updates on assessment status.
• Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
• Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risks.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
• Assess the effectiveness of security controls.
• Assess all the configuration management (change configuration/release management) processes.

Requirements

• Completed Bachelor’s degree from an accredited university, preferably in an IT related field.
• Ability to obtain a clearance or a Public Trust is preferred, however all clearance levels and non-cleared applicants will also be considered.
• One or more of the following: CISSP, CISM, Security+, CISA, CAP, or equivalent industry recognized cybersecurity certification.
• At minimum 5+ years of hands-on work experience with Assessor (SCA) duties; performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise databases leading to successful security authorization of such systems.
• Knowledge of GRC tools e.g., Xacta
• Knowledge of the NIST Cybersecurity Framework
• Cloud and or engineering related certifications

Tech Stack

• Cloud
• Cyber Security

Benefits

• paid parental leave
• flexible time off
• certification and training reimbursement
• digital mental health and wellbeing support memberships
• comprehensive insurance options