Security Control Assessor, Senior
About The Position
Conduct independent assessments of management, operational, and technical security controls for client information systems in accordance with the NIST Risk Management Framework (RMF). Perform technical evaluations of General Support Systems (GSS) and applications using both manual and automated methods to verify proper security control implementation and configuration. Assess the effectiveness of security controls, identify weaknesses, and evaluate the severity of vulnerabilities across the system and its operating environment. Develop and deliver actionable recommendations for corrective measures. Create and review all Security Control Assessment (SCA) artifacts, including the Security Assessment Plan (SAP), Security Assessment Report (SAR), and Security Configuration Report (SCR).
Requirements
- 5+ years of experience performing security assessments of federal systems to ensure compliance with NIST SP 800‑53 Rev. 5, NIST SP 800‑37 Rev. 1, and agency-specific requirements
- Experience conducting vulnerability assessments and analyzing scan results using Tenable Nessus, Web Inspect, and Fortify
- Experience performing manual and automated configuration compliance assessments using Tenable Nessus and STIGs, including analysis of compliance findings
- Experience working with POA&Ms, including drafting detailed vulnerability descriptions, impact analyses, and risk mitigation strategies, and supporting RMF Steps 4-6 Assess, Authorize, and Monitor for federal applications and GSSs
- Experience assessing IT infrastructure such as network appliances, firewalls, IDS/IPS, or end-user devices for vulnerabilities and configuration compliance
- Knowledge of cybersecurity principles for managing risks associated with processing, storing, and transmitting information
- Ability to develop clear, comprehensive documentation
- Ability to obtain a Secret clearance
- Bachelor’s degree in Computer Science, Information Technology, or Engineering
- CISSP, CISA, CAP, or GSNA Certification
Nice To Haves
- Knowledge of security principles and risk considerations for Industrial Control Systems (ICS)
- Knowledge of network security architecture, including topologies, protocols, components, and defense‑in‑depth principles
- Possession of excellent communication skills
Responsibilities
- Conduct independent assessments of management, operational, and technical security controls for client information systems in accordance with the NIST Risk Management Framework (RMF).
- Perform technical evaluations of General Support Systems (GSS) and applications using both manual and automated methods to verify proper security control implementation and configuration.
- Assess the effectiveness of security controls, identify weaknesses, and evaluate the severity of vulnerabilities across the system and its operating environment.
- Develop and deliver actionable recommendations for corrective measures.
- Create and review all Security Control Assessment (SCA) artifacts, including the Security Assessment Plan (SAP), Security Assessment Report (SAR), and Security Configuration Report (SCR).
Benefits
- health
- life
- disability
- financial
- retirement benefits
- paid leave
- professional development
- tuition assistance
- work-life programs
- dependent care
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
