Sr Security Control Assessor
- Full-Time
- Washington, DC
- Enlightened
- Posted 3 years ago – Accepting applications
Job Description
Consultant Full-Time
Perform Security Assessments (SAs). Although the primary emphasis for this task is for the contractor to complete System Security Authorization (SSA) activities, this task will provide a vehicle to perform any type of related assessment and reporting needed by FSA that is not identified by other awarded tasks. Other related assessments include but are not limited to Ongoing Security Authorization (OSA) assessments, Private Collection Agency (PCA) security authorizations, Self-Assessments, Security Impact Analysis (SIA), System Retirement/Data Disposal Assessments, Partial SSA assessments, and special interest security assessments deemed necessary by FSA Management. These SA activities will
requirement preparation services which will include security architecture, security engineering and continuous monitoring planning.
Scanning, Penetration Testing & Analysis Support. Contractor shall provide support for Red Team Services, as well as Vulnerability Scanning and Analysis, Web Application Surveillance and Penetration Testing Tools to perform the services as part of the Security Assessment (Task 1) requirements in SSA, OSA and SIA activities.
DUTIES AND RESPONSIBILITIES:
- Co-Lead a team of security control assessors, review their work, and
- Lead and conduct security testing and security control assessments on federal applications and general support systems to ensure
specific requirements.
- Technically assess both major application and general
- Interface with federal employees and contractors to
presentation of the vulnerability findings to the client.
- Analyze results from vulnerability scanning tools such
- Interface with the clients related to the overall security control assessment program and all security control assessment activities
Reports, and Executive-Level briefings.
REQUIRED SKILLS:
- At least 7 years of directly related experience in Information
- Advanced understanding of NIST Special Publications (e.g., 800-53, 800-37) and NIST Risk Management Framework (RMF).
- 4+ years leading security control assessments based on
- 3+ years conducting security control assessments based on NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev. 1.
- Experience serving in a lead role, managing tasks, schedules, resource allocation, and communication with key stakeholders, etc.
- Well-versed in a wide variety of security technologies
Security, and be able to interpret the requirements of relevant governing
bodies (NIST, OMB, GAO, etc).
- Experience conducting analysis of vulnerability scan results.
- Understanding of Unix/Linux (Solaris/Red Hat) and MS Windows Operating Systems.
- Advanced knowledge of general-purpose vulnerability scanners (e.g.,
- Experience implementing and auditing against security
- Advanced proficiency with Microsoft Word, Excel, and PowerPoint.
- Ability to communicate effectively; strong documentation and communication (written and verbal) skills.
- Must hold an active Security Certification, such as Security+ CE, CAP, CASP, CISA, CISM, CISSP, GCED, or GCIH.
- Ability and willingness to travel approximately 10-15% of the time
- Knowledge and understanding of Cloud Security and FedRAMP.
- Self-motivated and able to work in an independent manner.
- Bachelor's degree (Information Technology or
- 7+ years of professional experience in Cybersecurity.
- Experience leading and conducting FedRAMP assessments.
- Experience configuring and conducting technical
and QualysGuard.
- Understanding of/experience implementing DHS
Experience working in CSAM.
ESSENTIAL FUNCTIONS:
Physical Requirements:
- Most work will be done at a desk or computer.
- General Office environment. The work environment is fast-paced and sometimes involves extreme deadline pressures. The nature of the work requires a high
individuals across the Company and Customers.
Equipment & Machines:
- General office equipment including PC/laptop, Fax, Copiers, Shredder,
Attendance:
- Attendance is critical at all times. Must be able to work a 40-hour
depending on business requirements. Needs to be available to work overtime
during critical peaks and be available to meet last minute requests for
overtime should the situation occur.
Other Essential Functions:
- Must be able to communicate effectively both verbally and in writing.
- Grooming and dress must be appropriate for the position and must not
professional behavior that enhances productivity and promotes teamwork and cooperation. Must be able to interface with individuals at
all levels of the organization both verbally and in writing. Must be
well-organized with the ability to coordinate and prioritize.
Enlightened, Inc. is an Equal Opportunity and Affirmative Action employer. All qualified candidates will receive consideration for employment without regard to race, ethnicity, gender, veteran status, or on the basis of disability or any other federal, state or local protected class.