Security Control Assessor

Harmonia Holdings Group, Washington, DC
Hybrid

About The Position

Harmonia Holdings Group, LLC is an award-winning, rapidly growing federal government contractor committed to providing innovative, high-performing solutions to our government clients and focused on fostering a workplace that encourages growth, initiative, creativity, and employee satisfaction.

Description

Title: Security Control Assessor
Location: Hybrid, Washington, DC
Terms: Full-time
Clearance: Ability to obtain a Public Trust
Travel: 0-20%

Position Description: Harmonia is seeking a Security Control Assessor aligned to the National Initiative for Cybersecurity Education (NICE) Framework (Securely Provision) and (Protect and Defend) to support Federal government cybersecurity programs. This role is responsible for planning, conducting, and overseeing independent security assessments of systems, applications, networks, and common controls to evaluate the effectiveness of management, operational, and technical security controls in accordance with NIST SP 800-37. The position also performs vulnerability assessments to identify deviations from acceptable configurations and evaluates the effectiveness of defense-in-depth architectures against known vulnerabilities.

Requirements

  • Advanced capability level consistent with the NICE framework roles, with demonstrated abilities, knowledge, and skills to perform all core tasks.
  • Demonstrated, recent experience planning, conducting, and overseeing independent assessments of Federal systems, applications, sites, and programs.
  • Certified Information Systems Security Professional (CISSP) certification (required).
  • Demonstrated, recent experience performing independent assessments of cloud-based solutions.
  • Demonstrated knowledge and expertise in the NIST Risk Management Framework (RMF) and Federal cybersecurity policy, standards, and guidelines.
  • Bachelor’s degree from an accredited college or university.

Nice To Haves

  • Additional relevant cybersecurity certifications.
  • Demonstrated, recent experience performing independent assessments of cloud-native and emerging technologies, such as artificial intelligence, robotic process automation, or similar technologies.
  • Demonstrated, recent experience performing independent security assessments.
  • Master’s degree or higher, and/or a degree in cybersecurity, information technology, or a related field.

Responsibilities

  • Conduct independent, comprehensive assessments of security controls and control enhancements for Federal IT systems.
  • Plan, execute, and oversee assessments of systems, applications, networks, sites, and common controls.
  • Perform vulnerability assessments to identify weaknesses, misconfigurations, and deviations from policy or baseline requirements.
  • Measure the effectiveness of defense-in-depth architectures against known and emerging vulnerabilities.
  • Evaluate security control effectiveness in alignment with the NIST Risk Management Framework (RMF).
  • Perform independent assessments of cloud-based solutions, ensuring compliance with Federal cybersecurity requirements.
  • Support assessments of cloud-native and emerging technologies, as applicable.
  • Document assessment results, findings, and recommendations, including inputs to SARs, POA&Ms, and authorization packages.
  • Collaborate with system owners, engineers, and stakeholders to communicate risks and remediation strategies.
  • Ensure assessment activities align with Federal cybersecurity policies, standards, and guidelines.

Benefits

  • Traditional and HSA-eligible medical insurance plans
  • 100% employer-paid dental and vision insurance options
  • 100% employer-sponsored STD, LTD, and life insurance
  • 5% 401(k) company matching
  • Flexible schedules and teleworking options
  • Paid holidays and PTO Accrual Plans
  • Paid Parental Leave
  • Professional development and career growth opportunities
  • Team and company-wide events, recognition, and appreciation