Security Control Assessor

About The Position

Requirements

• Secret security clearance.
• Bachelor’s degree or equivalent years of relevant experience.
• 5+ years of relevant experience.
• CCNA Security, CySA+, GICSP, GSEC, Security + CE, CND, or SSCP certification.
• Intimate understanding of NIST RMF implementation guidance.
• Hands-on experience with using eMASS or similar Information Assurance tools.
• Experience in analyzing vulnerability scans and STIG implementations.
• Hands-on experience in assessing RMF Step 4 and performing continuous monitoring.
• Deep understanding of Vulnerability Management practices.

Responsibilities

• Provide the client with tailored documentation to support their security authorization.
• Independent assessor for Risk Management Framework Steps 0 to 7.
• Plan and execute security control assessments for various information systems within the organization.
• Develop and maintain assessment procedures and methodologies aligned with NIST guidelines and other relevant frameworks.
• Analyze and evaluate the effectiveness of implemented security controls.
• Identify vulnerabilities, weaknesses, and potential risks in information systems and infrastructure.
• Prepare detailed Security Assessment Reports (SARs) documenting findings and recommendations.
• Collaborate with system owners, ISSOs, and other stakeholders throughout the assessment process.
• Verify the implementation of remediation actions and conduct follow-up assessments as needed.
• Provide expert advice on the development and maintenance of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms).
• Stay current with evolving cybersecurity threats, technologies, and best practices.
• Validate security control implementation and provide test results.
• Examine security control weaknesses and determine if they are producing the desired intent.