Security Control Assessor

About The Position

Requirements

• Bachelor's degree in computer science, Information Technology, or a related field.
• 4 years of experience in conducting security testing in accordance with NIST SP 800-53A.
• 4 years of experience creating POA&Ms in the CSAM tool.
• 2 years of experience with NIST SP 800-53-A and security control assessment methodologies.
• 2 years of experience with security program management, including policy and procedure development, Continuous Monitoring, and risk management.
• US Citizen with the ablity to pass a comprehensive background check.
• 2 years of previous client-engagement experience.

Nice To Haves

• Strong analytical skills and ability to quantify and analyze test findings.
• Knowledge of security tools and techniques, including scanning tools.
• Understanding of cloud environments and related security implications.
• Excellent communication (verbal and written) and collaboration skills, with the ability to work effectively with security staff and Agency ISSOs.
• Impeccable work ethic, the ability to make sound decisions, and a commitment to integrity and accountability.
• Excellent organizational skills and attention to detail.
• Strong analytical, critical thinking, and problem-solving skills.
• Ability to function well in a high-paced and at times stressful environment.
• Ability to prioritize tasks.
• Proficient with Microsoft Office Suite; specifically, Excel, Word, and Outlook a must.
• One or more of the following certifications preferred: CISSP, CAP, CISM, Security+, CASP, CISA.

Responsibilities

• Conduct security testing in accordance with NIST SP 800-53-A.
• Develop Security Controls Assessment Plans, including:
• Interviewing, examining, and/or testing management, operational, and technical controls.
• Gathering evidence for tested controls.
• Summarizing testing results, highlighting high/moderate risk items and compliance percentages.
• Documenting results within the Security Controls Assessment Plan.
• Analyzing and summarizing scan results, utilizing scans provided by the cloud environment.
• Assist in updating the client's IT Security Program policies and procedures.
• Provide timely reminders to Agency ISSOs to support Continuous Monitoring efforts.
• Assist in launching the client's Configuration Management program, including compliance testing and guidance on implementing DISA's Security Technical Implementation Guides (STIGs).
• Produce Security Assessment Reports (SAR) using the Agency's Information Assurance tool.
• Evaluate the risk of SAR findings from security testing and summarize them into Plan of Action and Milestone (POA&M) tracking documentation.
• Track the progress of the IT Risk Management program through POA&M updates and/or data submission to the Agency's Office of Risk Management.
• Review supporting artifacts, evaluate remediation of risk, and recommend POA&M closure

Benefits

• Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.