Intermediate-level Security Assessor

Role: Security Assessor

Location: Remote (Must be available to work EST hours)

Duties & Responsibilities:

• Supporting independent security assessments of environments (on premise, Cloud (Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)) systems) and applications.
• Analyze existing security process including automation, security service delivery models.
• Provide system administration support to the GRC module, to include upgrades, patching, and account management.

Duties include:

• Lead security assessment meetings with system stakeholders
• Perform independent assessments of security controls as documented in the System Security Plan (SSP)
• Conduct risk assessments based on findings of security controls assessments
• Develop Security Assessment Report, Plans of Action and Milestones, and Executive Summaries

Qualifications

• 4-year degree (Bachelor of Science Degree) from an accredited College or University in Business/Engineering
• Minimum of 8 years of experience in an information security assessor role
• Must have or be eligible to obtain a Public Trust Clearance

Technical Skills

• Experience conducting security control assessments on complex cloud-based computing environments that provide PaaS and SaaS capabilities deployed on IaaS capabilities hosted at the AWS GovCloud (US) following federal guidelines and best practices.
• Solid understanding and application of NIST Special Publications including SP 800-53, SP 800-137, SP 800-171, and SP 800-37.
• Experience with RMF and applying the NIST Cybersecurity Framework.
• Ability to analyze and understand a wide range of network architectures and modern IT infrastructure models.
• Knowledge of computer networking concepts, protocols, and network security methodologies.
• Experience using CSAM in an RMF Assessor role.
• Experience with Federal Risk and Authorization Management Program (FedRAMP). 
• Ability to work with cooperatively and at a technical level with developers, engineers, and managers on system teams.
• Knowledge of risk management processes and tools (e.g., methods and tools for assessing and mitigating risks).
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy in a federal environment.

Professional Skills:

• Effectively manage and prioritize multiple tasks and duties simultaneously while effectively coordinating and ensuring that scheduled delivery dates and milestones are achieved.
• Communicate effectively in an accurate and concise manner through written and verbal means to system teams and product and cybersecurity leadership.
• Take initiative on assigned systems and related tasks and work with minimal supervision.
• Work and collaborate as part of an integrated team with diverse backgrounds.