Security Control Assessor
About The Position
Harmonia is seeking a Security Control Assessor aligned to the National Initiative for Cybersecurity Education (NICE) Framework (Securely Provision) and (Protect and Defend) to support Federal government cybersecurity programs. This role is responsible for planning, conducting, and overseeing independent security assessments of systems, applications, networks, and common controls to evaluate the effectiveness of management, operational, and technical security controls in accordance with NIST SP 800-37. The position also performs vulnerability assessments to identify deviations from acceptable configurations and evaluates the effectiveness of defense-in-depth architectures against known vulnerabilities.
Requirements
- Advanced capability level consistent with the NICE framework roles, with demonstrated abilities, knowledge, and skills to perform all core tasks.
- Demonstrated, recent experience planning, conducting, and overseeing independent assessments of Federal systems, applications, sites, and programs.
- Certified Information Systems Security Professional (CISSP) certification (required).
- Demonstrated, recent experience performing independent assessments of cloud-based solutions.
- Demonstrated knowledge and expertise in the NIST Risk Management Framework (RMF) and Federal cybersecurity policy, standards, and guidelines.
- Bachelor’s degree from an accredited college or university.
Nice To Haves
- Additional relevant cybersecurity certifications.
- Demonstrated, recent experience performing independent assessments of cloud-native and emerging technologies, such as artificial intelligence, robotic process automation, or similar technologies.
- Demonstrated, recent experience performing independent security assessments.
- Master’s degree or higher, and/or a degree in cybersecurity, information technology, or a related field.
Responsibilities
- Conduct independent, comprehensive assessments of security controls and control enhancements for Federal IT systems.
- Plan, execute, and oversee assessments of systems, applications, networks, sites, and common controls.
- Perform vulnerability assessments to identify weaknesses, misconfigurations, and deviations from policy or baseline requirements.
- Measure the effectiveness of defense-in-depth architectures against known and emerging vulnerabilities.
- Evaluate security control effectiveness in alignment with the NIST Risk Management Framework (RMF).
- Perform independent assessments of cloud-based solutions, ensuring compliance with Federal cybersecurity requirements.
- Support assessments of cloud-native and emerging technologies, as applicable.
- Document assessment results, findings, and recommendations, including inputs to SARs, POA&Ms, and authorization packages.
- Collaborate with system owners, engineers, and stakeholders to communicate risks and remediation strategies.
- Ensure assessment activities align with Federal cybersecurity policies, standards, and guidelines.
Benefits
- Traditional and HSA- eligible medical insurance plans
- 100% employer-paid dental and vision insurance options
- 100% employer-sponsored STD, LTD, and life insurance
- 5% 401(k) company matching
- Flexible-schedules and teleworking options
- Paid holidays and PTO Accrual Plans
- Paid Parental Leave
- Professional development and career growth opportunities
- Team and company-wide events, recognition, and appreciation-- and so much more!
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
