SECURITY ASSESSOR - SR

Zermount, Inc.

United States

Remote

USD 75,000 - 120,000

Full time


Job summary

A growing cybersecurity organization is seeking a Security Assessor - SR to evaluate security posture and enhance controls. This role requires extensive experience in IT cybersecurity and familiarity with various frameworks and tools. The successful candidate will work primarily remotely, with occasional onsite obligations in Arlington, VA. Ideal for military personnel and requires an active Secret Clearance.

Qualifications

  • 7 years of IT cybersecurity experience including direct US government support.
  • 4 years as an ISSO/assessor/compliance analyst is preferable.
  • Active Secret Clearance required.

Responsibilities

  • Evaluate security posture, identify vulnerabilities, and provide recommendations.
  • Conduct testing, verification, and validation of security controls.
  • Prepare and present weekly status reports and briefings.

Skills

Risk assessment methodologies
Excellent communication skills
Problem-solving skills
Knowledge of cybersecurity threats
Technical knowledge of IT systems

Education

Bachelor of Science in computer engineering, computer science, IT, cybersecurity, or related field

Tools

Nessus
Splunk
Archer

Job description

Overview

SECURITY ASSESSOR - SR

MILITARY FRIENDLY & PREFERRED - HOH SPONSOR

The organization is seeking two Security Assessors (SR) to evaluate security posture, identify vulnerabilities, and provide recommendations to enhance security controls. The Security Assessor will ensure compliance and help establish a robust security framework to protect sensitive information, systems, and assets.

DUTIES & RESPONSIBILITIES
  • Deliverable support, quality assurance, and act as team observer for major task deliverables.
  • Support the client by conducting testing, verification, and validation of the proper implementation of security controls for IT systems.
  • Follow and apply the Zermount six-phased Security Control Assessment Process.
  • Serve as the Security Assessor for system Security Authorizations (SA) / Authorizations to Operate (ATOs), annual assessments, OA assessments, and risk assessments for changes to the systems.
  • Utilize structured mini teams to complete SA and RA activities.
  • Assess applicable security controls defined in the Agency Compliance Tool and applicable to the systems under review.
  • Conduct assessment and analysis of Federal Information Processing Standards (FIPS-199), Privacy Threshold Analysis (PTA), E-Authorizations, Contingency Plans (CPs), SPs, and NIST SP 800-53A test cases.
  • Assemble the SA package in accordance with Agency and Organization SOPs, including Security Assessment Plans (SAP), Security Assessment Reports (SAR), SAR Briefings, CISO recommendation memos, AO ATO letters, and finding matrices.
  • Conduct RA and develop RA memos.
  • Ensure objective, fact-based findings are documented in the mandated Agency Compliance Tool at OS, application, and database levels.
  • Gather evidence for ATO efforts and store results in the mandated Agency Compliance Tool and/or a GRC repository.
  • Support RFC processes by conducting risk assessments to evaluate changes and cybersecurity impacts; utilize IT tools for tracking changes.
  • Analyze and document findings; assist in assessing scope and extent of changes to support Zero Trust mandates.
  • Assist in assessing architectural and configuration changes by the Organization O&M teams.
  • Conduct vulnerability assessments using tools (e.g., Tenable, AppDetective, WebInspect, AppScan) and create Findings/POA&M matrices from results.
  • Conduct compliance scans and validation of STIGs during assessment.
  • Conduct Audit of Privileged Accounts (APA) as part of ATO activities and annually review ISSO Privileged Account Audits.
  • Execute responsibilities per SA and OA SOPs and assist in their review and updates.
  • Perform gap analysis of RMF processes and execute direction from the Program Manager or GRC SME.
  • Evaluate emerging technologies, conduct AoA to ensure compliance with federal mandates and requirements.
  • Support assessments of plans, designs, technical concepts, implementation approaches, standards compliance, and risk analyses.
  • Review existing network infrastructure and coordinate with stakeholders to perform network assessments including circuits, bandwidth, traffic types, and routing protocols.
  • Conduct TIC 3.0 compliance assessments to determine gaps and develop solutions to meet compliance.
  • Perform complex risk analyses to identify compliance with federal requirements (e.g., EO 14028, OMB M-22-09, M-21-31, A-130, NIST SP 800-37, 800-53, FIPS 199, FIPS-200).
  • Perform assessment/analysis of designs, architectures, configurations, and implementation of Zero Trust (ZT) principles and security capabilities.
  • Research DHS FISMA requirements and identify obstacles for customers on a regular basis.
  • Provide weekly status reports and briefings for tasks assigned, ensuring reports are well-structured and aligned with management guidelines.
  • Prepare to present, brief, and explain weekly status reports to management and/or government clients.
  • Provide assistance to team members as required, and collaborate with Compliance Specialist and the GRC Team.
  • Assist in ZT reviews and assessments of all cybersecurity and IT capabilities across the organization, including ZT readiness assessments and gap analyses.
  • Prepare a Readiness Assessment Report with mitigations or recommendations and identify gaps; ensure RMF compliance and incorporate changes into the CIO ZT Plan and related documentation.

QUALIFICATIONS
  • Experience and knowledge of EO/OMB/FISMA/NIST guidance, RMF, cloud, and related frameworks; familiarity with CISA architectures.
  • Understanding of zero trust principles is beneficial but not required.
  • Proficient in risk assessment methodologies and security architecture frameworks.
  • Experience with cloud-based environments and technologies preferred.
  • Knowledge of cybersecurity threats, risk, and vulnerabilities and mitigation strategies.
  • Excellent communication skills to explain complex concepts clearly.
  • Technical knowledge of IT systems and security control implementation.
  • Strong problem-solving skills and proactive attitude toward issues and solutions.
  • Ability to conduct system analysis and identify performance issues.
  • Experience developing and implementing IT solutions to resolve technical challenges.
  • Ability to work independently and in a team.
  • Knowledge of NIST guidelines and RMF compliance.
  • Familiarity with cybersecurity analysis tools (e.g., Archer, Nessus, Splunk).
  • Experience communicating with technical, non-technical, and executive-level customers.
  • Ability to analyze MLS requirements and design/engineer solutions; gather information about mission goals and security products.
  • Ability to perform risk analyses and develop security standards.

EDUCATION
  • Minimum Bachelor of Science in computer engineering, computer science, IT, cybersecurity, or related field plus 7 years of IT cybersecurity experience including direct US government support and 4 years as an ISSO/assessor/compliance analyst; or, without a BS, 10 years of IT cybersecurity experience with US government support.

CERTIFICATIONS
  • Minimum one of the following: CAP, CISM, CISSP, CCISO, or equivalent per the DoD 8570 list.

CLEARANCE
  • Active Secret Clearance required.

WORK LOCATION
  • Primarily remote. Onsite work in Arlington, VA or US may be occasionally required.

HOURS OF OPERATION
  • 8:00 am EST - 4:30 pm EST.