Sr. Security Control Assessor

Qualifications / Experience:

• Extensive experience with the NIST RMF and independently leading security control assessments from start to finish using the NIST Framework.


• Experience in several of the following areas is required: understanding of IT security practices and procedures; knowledge of current security tools available; different communication protocols; encryption techniques/tools; secure system architecture, system engineering, system administration, configuration management, or agile application development experience.


• Must be fully cloud proficient (AWS, Azure, Google).


• Experienced performing FedRAMP assessments and assessments of systems hosted in the cloud.


• Experience creating, reviewing and updating/editing security artifacts (i.e., Security Plans, Contingency Plan, Contingency Plan Test, e- Authentication workbook, FIPS 199 workbook, etc.).


• Proficient at interpreting scan results from various vulnerability and compliance tools such as MicroFocus Fortify SCA and WebInspect, Tenable Nessus and TIO, Prisma Cloud, SonarQube.


• Must be capable of providing corrective actions for weaknesses discovered during the assessment.


• Must have experience with SIEM tools and performing audit log reviews.


• Experience creating and validating remediation of POA&Ms.


• Technical writing ability is required.


• US Citizenship is required, along with the ability to obtain a Federal agency-specific clearance prior to starting.

Requirements: 

• Must have a Bachelor’s degree in Information Technology, Cyber Security, Computer Systems or related field and/or have & maintain at least two (2) active certifications such as but not limited to CASP, GSEC, GSLC, CISSP, CAP, CEH, CISM, CISA or other comparable certification or experience which must be approved in advance by the Government on a case-by-case basis.


• Must have at least five (5) years of specialized experience in one of the below positions: Information Systems Security Officer, Information Systems Security Engineer, Information Systems Security Auditor, or Information Systems Security Manager.


• Must have a minimum of five (5) years of experience with analyzing, assessing, and implementing corrective actions based on vulnerability management tools.


• Must have a minimum of three (3) years of experience with leading projects, technical writing, administrative tasks, and conducting briefings.

Strongly Desired:

• Knowledge of container platforms (EKS, Openshift, Docker) and microservice architecture.


• Development or programming experience.


• Familiarity with Nipper, Burp Suite Pro, Kali Linux, Solarwinds, Telos IACS, SPLUNK


• Penetration Testing experience.