Security Control Assessor
Washington, DC, DC, USA
Evolver
Evolver develops IT transformation & cybersecurity solutions: scalable tech solutions for government agencies and modern enterprises. Evolver Federal is looking for a Security Control Assessor to join our team supporting our federal client in Washington, DC.
The Security Control Assessor is responsible for providing independent security control testing to the client for approximately 50 FIPS Moderate and Low systems. Duties include conducting security control assessments through interviews, examination, and/or testing of all applicable management, operational, and technical controls, including analyzing findings and results and validating test results and reports. Duties also include developing Security Control Assessment Plans, Risk Assessment Reports, and ATO Memos, as well as developing and maintaining testing policies and related Standard Operating Procedures (SOPs). The Security Control Assessor is also responsible for documenting and presenting the results of the Security Test & Evaluation (ST&E) to government stakeholders, including System Owners, ISSOs, the CISO, and the Authorizing Official.
Responsibilities
- Conduct security testing in accordance with NIST SP 800-53-A.
- Develop Security Controls Assessment Plans, including:
  - Interviewing, examining, and/or testing management, operational, and technical controls.
  - Gathering evidence for tested controls.
  - Summarizing testing results, highlighting high/moderate risk items and compliance percentages.
  - Documenting results within the Security Controls Assessment Plan.
  - Analyzing and summarizing scan results, utilizing scans provided by the cloud environment.
- Assist in updating the client's IT Security Program policies and procedures.
- Provide timely reminders to Agency ISSOs to support Continuous Monitoring efforts.
- Assist in launching the client's Configuration Management program, including compliance testing and guidance on implementing DISA's Security Technical Implementation Guides (STIGs).
- Produce Security Assessment Reports (SAR) using the Agency's Information Assurance tool.
- Evaluate the risk of SAR findings from security testing and summarize them into Plan of Action and Milestone (POA&M) tracking documentation.
- Track the progress of the IT Risk Management program through POA&M updates and/or data submission to the Agency's Office of Risk Management.
Basic Requirements
- Bachelor's degree in Computer Science, Information Technology, or a related field.
- 4 years' experience in security testing and assessment, preferably in a federal information systems environment.
- 4 years' experience creating POA&Ms in the CSAM tool.
- 2 years of experience with NIST SP 800-53-A and security control assessment methodologies.
- US Citizen; must be able to pass a comprehensive background check.
- Travel required once per year to sites in WV and PA.
Preferred Requirements
- 6 years' experience in security testing and assessment, preferably in a federal information systems environment.
- 6 years' experience creating POA&Ms in the CSAM tool.
- 4 years of experience with NIST SP 800-53-A and security control assessment methodologies.
- One or more of the following certifications preferred: CISSP, CAP, CISM, Security+, CASP, CISA.
- Strong analytical skills and ability to quantify and analyze test findings.
- Knowledge of security tools and techniques, including scanning tools.
- Understanding of cloud environments and their security implications.
- Excellent communication (verbal and written) and collaboration skills, with the ability to work effectively with security staff and Agency ISSOs.
- Experience with security program management, including policy and procedure development, Continuous Monitoring, and risk management.
- Excellent organizational skills and attention to detail.
- Strong analytical, critical thinking, and problem-solving skills.
- Ability to function well in a high-paced and at times stressful environment.
- Ability to prioritize tasks.
- Proficient with Microsoft Office Suite; Excel, Word, and Outlook in particular are a must.
Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.