SME Security Control Assessor
About The Position
About this Role: We are looking for a SME Security Control Assessor that supports security control assessment activities for HHS-ACF information systems by applying NIST security controls and frameworks to evaluate control implementation and effectiveness. This role is responsible for gathering, organizing, and documenting assessment evidence; conducting security testing and evaluations; and assisting with vulnerability scanning and analysis. The assessor leads security control interviews, supports continuous monitoring activities, and contributes to the development of assessment reports, briefings, and formal deliverables. Additionally, the role maintains assessment documentation and tracking artifacts, reviews security documentation, and assists in the development of Plans of Action and Milestones (POA&Ms). The SME Security Control Assessor I actively participates in team meetings and technical discussions to support compliance, risk management, and overall system security posture.
Requirements
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
- 2+ years of experience in security control assessments
- Basic understanding of cybersecurity principles and concepts
- Knowledge of NIST frameworks and security controls
- Familiarity with common security tools and technologies
- Strong attention to detail
- Excellent organizational skills
- Basic technical writing abilities
- Proficiency in Microsoft Office suite
- Strong analytical and problem-solving skills
- Ability to follow detailed instructions and procedures
- Good communication skills
- Eagerness to learn and develop professional skills
- Basic understanding of networking concepts
- Ability to work effectively in a team environment
- Commitment to maintaining confidentiality and security protocols
- Familiarity with Risk Management Framework (RMF)
- Employment for this position is contingent upon the candidate being a United States citizen and having the ability to successfully obtain and maintain a Public Trust clearance, in accordance with applicable federal regulations.
Nice To Haves
- Security+ certification or in progress
- Basic understanding of FISMA requirements
- Experience with vulnerability scanning tools
- Knowledge of basic scripting or programming
- Familiarity with cloud computing concepts
- Understanding of basic system administration
- Experience with documentation management systems
- Knowledge of compliance frameworks
- Basic understanding of security assessment methodologies
- Familiarity with cybersecurity best practices
- Experience with technical documentation
- Interest in federal government cybersecurity
- Basic understanding of privacy principles
Responsibilities
- Support security control assessment activities
- Gather and organize assessment evidence
- Document security control implementation
- Conduct security testing and evaluations
- Assist with vulnerability scans and analysis
- Create of assessment reports and briefings
- Maintain assessment documentation and tracking sheets
- Lead security control interviews
- Prepare assessment deliverables
- Applying NIST security controls and frameworks
- Support continuous monitoring activities
- Assist with security documentation review
- Contribute to Plans of Action and Milestones (POA&Ms) development
- Participate in team meetings and technical discussions
Benefits
- Competitive salary
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
