Cloud Security Control Assessor

Steampunk-posted 2 days ago
$115,000 - $165,000/Yr
Full-time • Mid Level
Washington, DC
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

Steampunk wants you to be a Cloud Security Control Assessor on our team to support a government customer. The primary responsibilities for the position are to support all security assessment activities that ensure risk within the system is maintained at an acceptable level. The nature of the work requires that the candidate demonstrates initiative, organization, responsibility, customer service skills, and the ability to be flexible and adaptive to a fast-paced, fluid business environment. The candidate must be able to communicate effectively and decisively with all levels of the organization and be able to solve practical problems as well as exercise sound judgement with regards to sensitive and confidential information.

  • Lead security assessments in accordance with NIST SP 800-53, NIST RMF (SP 800-37), FedRAMP, and agency-specific guidance.
  • Evaluate technical, operational, and management controls across cloud, on-premises, and hybrid environments.
  • Develop Assessment Plans and Security Assessment Reports (SARs).
  • Coordinate with Information System Security Officers (ISSOs), System Owners, and authorization officials to review evidence and mitigate control deficiencies.
  • Analyze vulnerability scans, configuration baselines, and penetration test results to determine control effectiveness.
  • Provide technical recommendations to remediate weaknesses and strengthen security posture.
  • Maintain assessment documentation in compliance with organizational and federal standards (e.g., FISMA, FedRAMP).
  • Present findings and risk analysis to management and Authorization Officials (AOs).
  • Support continuous monitoring processes and control validation efforts for ongoing authorization.
  • Bachelor's Degree and 5 years of relevant IT cybersecurity experience; OR
  • No degree with a total of ten (10) years of cybersecurity experience, including two (2) years of FISMA experience.
  • One of the following certifications (may be obtained within six (6) months of hire):
  • Certified Information System Security Professional (CISSP)
  • CompTIA Advanced Security Practitioner (CASP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Familiarity with one or more: DHS Directive 4300A and NIST Special Pubs 800-30, 800-37, 800-39, 800-53, 800-60.
  • Strong understanding of NIST SP 800-53 controls, FIPS publications 199 and 200, and cybersecurity compliance standards.
  • Hands-on experience reviewing security control artifacts related to the NIST SP 800-53 controls.
  • Proficiency with assessment tools (e.g., Nessus, Splunk, Tenable.SC, SCAP scanners).
  • Direct experience providing independent evaluations for system authorization packages, including in cloud environments (AWS, Azure, etc.).
  • Analytical skills to interpret vulnerabilities, compliance gaps, and potential threats in diverse systems.
  • Understands the difference between cloud and non-cloud security control baselines.
  • Experience as an Information System Security Officer (ISSO).
  • Experience with Vulnerability, Configuration, and Asset Management tools in support of Continuous Monitoring.
  • Excellent analytical, written, and verbal communication skills.
  • Strong attention to detail in preparing federal security documentation.
  • Experience with:
  • POA&M management
  • Performing Security Authorization
  • Performing Risk Analysis and Assessment
  • CSAM or similar tool GRC tool
  • Experience providing ISSO support to DHS
  • Experience supporting systems hosted in Cloud environments.
  • Experience supporting systems in Agile and DevOps environments
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Cloud Security Engineer Resume Examples
Cloud Security Engineer Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service