IT System Assessor

About The Position

Requirements

• Minimum of THREE (3) years of experience in Risk Management Framework / Security Assessment and Authorization.
• RMF Experience in developing complete ATO packages for systems; including SSP, FIPS 199, E-Authentication, PTA/PIA, Incident Response Plan, Contingency Plan, and Configuration Management Plan.
• Experience in developing and conducting IR table-top tests and CP functional tests.
• Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse.
• Experience with NIST 800-53 and NIST 800-37.
• Experience with cloud systems and SaaS products, and understanding of the FedRAMP requirements.
• At least one of the following Certifications: CISA, CISSP, CompTIA Security+ CE, Certified Professional CompTIA Network+ CE, Certified Professional, Certified Cloud Certificates (AWS, Azure, and/or Google)
• Experience with assessing 2 of the 8 types of platforms/systems noted: ICAM Solution (Active Directory, SailPoint and CyberArk experience is preferred). Network – firewalls, IDS/IPS, switches, Routers, VPN Cloud Hosting (experience with at least 2 of 3 – AWS, Azure, Google) On-premise Hosting (Windows and Linux platforms) Microsoft 365 Tenant Third Party SaaS Platforms High Performance Computing Systems AI applications and Systems

Nice To Haves

• Experience with the DOJ’s CSAM GRC platform.
• Experience as software developer – capable of building dashboards within suites like Microsoft Power BI and Power App.
• Capable of configuring APIs with security tools into dashboards (such as Tenable, Splunk, and GRC Platforms including CSAM).
• Experience with conducting vulnerability scans and remediation findings.
• Experience with security monitoring tools (e.g., Splunk, Tenable, BigFix, Microsoft Purview, Symantec DLP, Sentinel, CloudWatch, Security Center).
• 1+ years of experience as IT system administrator or engineer.
• Experience can include: System maintenance in configuration and patching for On-premise servers and databases.
• Deployed and managed cloud hosted environments, configured and refined network connections and security monitoring integrations.
• Integrated third-party SaaS products with cloud environment, or collaboration Tenants like Microsoft 365.
• Maintained network components from firewalls, IDS/IPS to VPN solution.
• Developed and deployed web application software.

Responsibilities

• Conduct security control assessments through an independent (firewalled) team.
• Perform interviews, test controls, develop Security Assessment Reports (SARs), and create Plans of Action and Milestones (POAMs).
• Assess Authority to Operate (ATO) packages for accuracy and completeness.
• Implement rigorous quality standards and provide technical support for ATO package completion.
• Develop and maintain Standard Operating Procedures (SOPs) for SA&A, ensuring compliance with NIST SP 800-53 and periodic reviews for updates.
• Identify key roles (AO, CISO, System Owner, etc.) and develop a matrix of cybersecurity responsibilities for each FISMA system.
• Focus on minimizing risks to PII/PHI/Sensitive data, maintaining robust Privacy Impact Assessments (PIAs), and staying current with privacy laws and regulations.
• Advise senior management on privacy and data protection best practices.

Benefits

• Medical, Rx, Dental & Vision Insurance
• Personal and Family Sick Time & Company Paid Holidays
• Parental Leave
• 401(k) Retirement Plan
• Group Term Life and Travel Assistance
• Voluntary Life and AD&D Insurance
• Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts
• Transit and Parking Commuter Benefits
• Short-Term & Long-Term Disability
• Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities
• Employee Referral Program
• Corporate Sponsored Events & Community Outreach
• Care.com annual membership
• Employee Assistance Program
• Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)
• Position may be eligible for a discretionary variable incentive bonus