Security Controls Assessor / OSCAL (Remote)

About The Position

Requirements

• Proven OSCAL experience (at least two years).
• 5+ years of hands-on security controls assessment and development of Security Assessment Plan (SAP), Security Assessment Report (SAR) and Plan of Actions and Milestones (POA&M).
• Experience with RegScale, Paramify, or similar tools.
• Experience with government, public sector, or municipal IT environments is highly preferred.
• Ability to write clear, professional, and actionable technical reports.
• Full U.S. Citizenship, and ability to pass an extensive background check.

Nice To Haves

• Experience with NIST 800-53 based ATO assessment, NIST 800-171/CMMC assessment, and/or HIPAA assessment.
• Ability to produce a set of interoperable, extensible, machine-readable formats that supports a broad range of control-based risk management processes (XML-, JSON-, and YAML-based formats that allow for lossless translations between XML, JSON, and YAML representations).
• Familiarity with U.S. Government security policy requirements.
• Experience coordinating with multi-agency or cross-organizational IT teams.
• Expertise with common tools such as Kali Linux, Burp Suite, Nmap, Metasploit, Nessus/Tenable, and Wireshark.

Benefits

• TestPros offers a competitive salary, medical/dental/vision insurance, life insurance, paid time off, paid holidays, 401(k) retirement plan with company match, opportunities for professional growth, cell phone discounts, and much more!
• All benefits are per TestPros current policies and are subject to change without notice.
• Benefits are available to full-time employees.