Security Assessor

Chenega Corporation
$103,400 - $140,000, Remote

About The Position

Security Assessor (Remote)

Are you ready to enhance your skills and build your career in a rapidly evolving business climate? Are you looking for a career where professional development is embedded in your employer’s core culture? If so, Chenega Military, Intelligence & Operations Support (MIOS) could be the place for you! Join our team of professionals who support large-scale government operations by leveraging cutting-edge technology and take your career to the next level! We deliver essential technology services to our customers in support of their missions to sustain the national security and economic interests of our nation.

SecuriGence is seeking a Security Assessor to support the Health and Human Services Administration for the Community Living Enterprise IT Services Program. The Security Assessor will play a critical role in ensuring the security and compliance of the HHS ACL EITS program's information systems. The individual will be responsible for assessing security controls, conducting security audits, and developing secure architectures that align with federal regulations and guidelines, such as FISMA, NIST 800-53, and FedRAMP. The Security Assessor/Security Architect will collaborate with key stakeholders, including the Information System Security Officer (ISSO), Cloud Infrastructure Architect, and other program teams, to ensure a secure and resilient environment.

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, or additional experience in lieu of a degree.
  • 5+ years of experience in security architecture, security assessment, or a related cybersecurity role within a federal or government environment.
  • Background check with the ability to pass a Public Trust Background Investigation.
  • Extensive experience with NIST RMF, FISMA, FedRAMP, and other federal security frameworks.
  • Familiarity with cloud security architectures, particularly in Microsoft Azure and/or AWS environments.
  • Strong understanding of vulnerability management, penetration testing, and forensic investigation tools.
  • Experience with SIEM tools, security monitoring, and incident response frameworks.

Nice To Haves

  • Certification in the following is preferred: Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or Certified Cloud Security Professional (CCSP).
  • Certified Information Systems Security Professional (CISSP), or equivalent experience and knowledge commensurate with certification requirements.

Responsibilities

  • Conduct comprehensive security control assessments of the HHS ACL EITS systems to ensure compliance with FISMA, NIST 800-53, FedRAMP, and other federal regulations.
  • Prepare and present security assessment reports to senior management and government stakeholders.
  • Develop and maintain secure architecture designs that comply with federal security standards, ensuring the system's confidentiality, integrity, and availability.
  • Collaborate with the Cloud Infrastructure Architect and Application Developers to integrate security controls into system design and implementation.
  • Implement security by design principles and ensure all software, systems, and infrastructure meet stringent security requirements.
  • Conduct risk assessments to identify and prioritize risks associated with information systems.
  • Develop and implement risk mitigation strategies, ensuring that all identified risks are managed appropriately and in alignment with government standards.
  • Ensure that security documentation, such as System Security Plans (SSPs) and Risk Management Framework (RMF) artifacts, is up to date and accurately reflects the system's security posture.
  • Perform regular vulnerability assessments and penetration testing to identify and remediate security weaknesses in the system.
  • Assist in the preparation and execution of Authorization and Accreditation (A&A) packages, ensuring compliance with NIST RMF and supporting the program's ongoing operations.
  • Work closely with the Authorizing Official (AO) to ensure timely authorization of systems and assist in maintaining an accurate and updated authorization status.
  • Assist in the incident response process, investigating and reporting security breaches, unauthorized access, and other security incidents.
  • Lead forensic investigations to determine root causes of incidents and provide recommendations for remediation.
  • Prepare post-incident reports detailing the findings and actions taken to prevent future occurrences.
  • Develop and deliver security awareness training for staff and stakeholders, ensuring everyone understands their role in maintaining the program's security.
  • Foster a security-first mindset across the program to ensure all team members contribute to the protection of information assets.
  • Other duties as assigned.