Sr Security Control Assessor

  • Full-Time
  • Washington, DC
  • Enlightened
  • Posted 3 years ago – Accepting applications
Job Description
Sr. Security Control Assessor
Consultant Full-Time

Perform Security Assessments (SAs). Although the primary emphasis for this task is for the contractor to complete System Security Authorization (SSA) activities, this task will provide a vehicle to perform any type of related assessment and reporting needed by FSA that is not identified by other awarded tasks. Other related assessments include but are not limited to Ongoing Security Authorization (OSA) assessments, Private Collection Agency (PCA) security authorizations, Self-Assessments, Security Impact Analysis (SIA), System Retirement/Data Disposal Assessments, Partial SSA assessments, and special interest security assessments deemed necessary by FSA Management. These SA activities will requirement preparation services which will include security architecture, security engineering and continuous monitoring planning.

Scanning, Penetration Testing & Analysis Support. Contractor shall provide support for Red Team Services, as well as Vulnerability Scanning and Analysis, Web Application Surveillance and Penetration Testing Tools to perform the services as part of the Security Assessment (Task 1) requirements in SSA, OSA and SIA activities.

DUTIES AND RESPONSIBILITIES:
  • Co-Lead a team of security control assessors, review their work, and
provide feedback on performance/deliverables.

  • Lead and conduct security testing and security control assessments on federal applications and general support systems to ensure compliance with the NIST SP 800-53 Rev. 4, NIST 800-37 Rev.1, and agency-specific requirements.

  • Technically assess both major application and general
support system security configurations and implementation.

  • Interface with federal employees and contractors to
perform the security assessment activities. Responsible for assisting in the
presentation of the vulnerability findings to the client.

  • Analyze results from vulnerability scanning tools such
as Nessus, HP WebInspect, QualysGuard, AppDetective, and Burp Suite.

  • Interface with the clients related to the overall security control assessment program and all security control assessment activities which the candidate is responsible for leading. Develop Project Schedules, Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plan of Action and Milestone (POA&M) Reports, and Executive-Level briefings.

REQUIRED SKILLS:
  • At least 7 years of directly related experience in Information
Technology and/or Cybersecurity.

  • Advanced understanding of NIST Special Publications (e.g., 800-53, 800-37) and NIST Risk Management Framework (RMF).
  • 4+ years leading security control assessments based on
NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev.1.

  • 3+ years conducting security control assessments based on NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev.1.
  • Experience serving in a lead role, managing tasks, schedules, resource allocation, and communication with key stakeholders, etc.
  • Well-versed in a wide variety of security technologies (e.g. network firewalls, WAFs, VPNs, etc.) and the current state of Information Security, and be able to interpret the requirements of relevant governing bodies (NIST, OMB, GAO, etc.).

  • Experience conducting analysis of vulnerability scan results.
  • Understanding of Unix/Linux (Solaris/Red Hat) and MS Windows Operating Systems.
  • Advanced knowledge of general-purpose vulnerability scanners (e.g.,
QualysGuard, Nessus).

  • Experience implementing and auditing against security
configuration checklists (e.g., DISA STIGs, CIS Benchmarks).

  • Advanced proficiency with Microsoft Word, Excel, and PowerPoint.
  • Ability to communicate effectively; strong documentation and communication (written and verbal) skills.
  • Must hold an active Security Certification, such as Security+ CE, CAP, CASP, CISA, CISM, CISSP, GCED, or GCIH.
  • Ability and willingness to travel approximately 10-15% of the time within the Continental US.

  • Knowledge and understanding of Cloud Security and FedRAMP.
  • Self-motivated and able to work in an independent manner.
DESIRED SKILLS:
  • Bachelor's degree (Information Technology or
Cybersecurity related field preferred, however not required).

  • 7+ years of professional experience in Cybersecurity.
  • Experience leading and conducting FedRAMP assessments.
  • Experience configuring and conducting technical
assessments using tools such as Nessus, HP WebInspect, AppDetective, BurpSuite,
and QualysGuard.

  • Understanding of/experience implementing DHS Continuous Diagnostics and Mitigation (CDM) program and requirements.
  • Cloud security certification (e.g. CCSK, AWS).
  • Experience working in CSAM.

ESSENTIAL FUNCTIONS:
Physical Requirements:
  • Most work will be done at a desk or computer.
Work Environment:
  • General Office environment. The work environment is fast-paced and sometimes involves extreme deadline pressures. The nature of the work requires a high
degree of teamwork and cooperation with other members of the staff as well as
individuals across the Company and Customers.

Equipment & Machines:
  • General office equipment including PC/laptop, Fax, Copiers, Shredder,
Printers, Telephone, and other miscellaneous office equipment.

Attendance:
  • Attendance is critical at all times. Must be able to work a 40-hour
workweek, normally Monday through Friday. However, times and days may vary
depending on business requirements. Needs to be available to work overtime
during critical peaks and be available to meet last minute requests for
overtime should the situation occur.

Other Essential Functions:
  • Must be able to communicate effectively both verbally and in writing.
  • Grooming and dress must be appropriate for the position and must not
impose a safety risk/hazard to the employee or others. Must put forward a
professional behavior that enhances productivity and promotes teamwork and cooperation. Must be able to interface with individuals at
all levels of the organization both verbally and in writing. Must be
well-organized with the ability to coordinate and prioritize.

Enlightened, Inc. is an Equal Opportunity and Affirmative Action employer. All qualified candidates will receive consideration for employment without regard to race, ethnicity, gender, veteran status, or on the basis of disability or any other federal, state or local protected class.