
Cybersecurity Assessor
Posted 1 hour ago

Posted 1 hour ago
This is a fully remote position, open to applicants in Texas.
• Take initiative to plan and conduct hands-on cybersecurity assessments across various environments, including enterprise, cloud, and public-sector settings — specifically focusing on election infrastructure at the county, city, and state levels.
• Analyze the design and operational effectiveness of technical controls covering identity and access management, endpoint protection, patch and vulnerability management, secure configurations, network segmentation, data protection, logging/monitoring, and incident response.
• Examine and interpret technical configurations and artifacts — such as firewall rulesets, Group Policy Objects (GPOs), hardening baselines, cloud security configurations, IAM policies, and logging setups — to verify control implementation.
• Conduct interviews with stakeholders and review documentation to assess policy, process, and control maturity.
• Evaluate client environments against established frameworks and standards including NIST CSF 2.0, CIS Controls, ISO 27001, CMMC, CJIS, HIPAA, and PCI DSS.
• Create comprehensive assessment reports that highlight prioritized risk findings, maturity ratings, and practical, business-oriented recommendations.
• Align findings with client risk profiles and business context, converting technical gaps into straightforward remediation roadmaps.
• Present findings and recommendations to a diverse range of client stakeholders, from technical practitioners to executive leadership.
• Facilitate the ongoing enhancement of Apollo’s assessment methodologies, workbooks, tools, and report templates.
• Provide mentorship to junior assessors and conduct peer reviews of assessment deliverables.
• Collaborate with consultants, engineers, advisors, and project managers to ensure high-quality engagements.
• Keep abreast of emerging threats, technologies, and regulatory changes.
• Proven experience in cybersecurity, with a track record of leading or conducting security assessments (confirm threshold).
• Direct, hands-on experience evaluating environments against recognized frameworks (NIST CSF, CIS Controls, ISO 27001, CMMC, CJIS, HIPAA, or PCI DSS).
• Strong understanding of security controls across operating systems, network infrastructure, cloud services, and identity systems.
• Capability to independently review and assess technical configurations and documentation (including firewall rules, GPOs, hardening baselines, logging setups, and cloud configurations).
• Exceptional written communication skills, with the ability to generate client-ready reports and translate technical findings into accessible language for non-technical audiences.
• Experience working with clients in a consulting role and managing multiple concurrent projects.
• One or more relevant certifications — such as Security+, CySA+, CISA, GIAC (e.g., GSEC), or assessor-specific credentials like CMMC CCP/CCA.
• Practical familiarity with Microsoft 365 and Azure (and exposure to AWS or GCP).
• Experience with security tools — including vulnerability scanners, SIEM/EDR platforms, and configuration analyzers.
• Background in supporting public sector clients, election infrastructure, or regulated industries.
• Comprehensive medical, dental, and vision coverage, with the company covering 100% of employee premiums and 90% of dependent premiums on base plans.
• Unlimited PTO, 7 paid sick days, and 11 paid holidays.
• 401(k) plan with a 4% company match after 90 days, fully vested immediately.
• Company-paid life insurance at 1x annual salary.
• Company-funded Short-Term Disability (STD) and Long-Term Disability (LTD) coverage.
• A monthly stipend of $125 for home-office technology needs, including internet and equipment.
• Enjoy a collaborative environment with amazing colleagues and a culture that emphasizes support and growth.
DATAGROUP
CrowdStrike
GitLab
CrowdStrike
Get handpicked remote jobs straight to your inbox weekly.