Security Control Assessor

About The Position

Requirements

• Active DoD Secret clearance
• University Degree (BA/BS) or equivalent experience and 7+ years of related work experience
• 4+ years’ experience with systems in a Cloud environment and relevant technologies
• One of the DOD 8750 IAT II certifications (e.g., CCNA Security, CySA+, GICSP, GSEC, Security + CE, CND, or SSCP)
• CSSP-AU certification (must obtain within 60 days of employment)
• Demonstrated experience assessing RMF Step 4 and performing continuous monitoring
• Intimate understanding of NIST RMF implementation guidance
• Hands-on experience with eMASS or similar Information Assurance tools
• Well-developed understanding of Federal Civilian or DHS Security Assessment and Authorization (SA&A) processes
• In-depth knowledge of NIST Security Controls and Control Implementation methodologies
• Experience analyzing vulnerability scans and STIG implementations
• Ability to understand and support Privacy Compliance Activities

Nice To Haves

• Advanced industry standard Security Certifications
• Navy Qualified Validator (NQV)

Responsibilities

• Develop and execute innovative processes, standards, and operational plans through research and the integration of best practices.
• Serve as a subject matter expert and a mid-senior representative for your team.
• Provide guidance, coaching, and training to your team, fostering a culture of continuous learning and improvement.
• Deliver tailored documentation to support the United States Coast Guard’s security authorization processes.
• Act as an independent assessor for the Risk Management Framework (RMF) Steps 0 to 7.
• Plan and conduct security control assessments for various information systems.
• Develop and maintain assessment procedures aligned with NIST guidelines.
• Analyze security control effectiveness, identify vulnerabilities, and prepare detailed Security Assessment Reports (SARs).
• Work closely with system owners, ISSOs, and other stakeholders to ensure seamless assessment processes.
• Verify the implementation of remediation actions and conduct follow-up assessments as needed.
• Provide expert advice on System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms).
• Keep abreast of evolving cybersecurity threats, technologies, and best practices to ensure our defenses remain robust.

Benefits

• flexible time off
• robust learning resources
• comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.