
Cybersecurity Assessor – CMMC
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Perform security control evaluations for both commercial and government clients to assess the overall effectiveness of controls and the vulnerability status of components, applications, and databases within a system boundary.
• Create, document, and review System Rules of Engagement (ROE), Security Assessment Plans (SAPs), and Security Assessment Reports (SARs).
• Organize kick-off meetings and develop corresponding schedules and resource plans to facilitate the assessments.
• Ensure quality control on the assessment and its associated deliverables.
• Formulate practical and risk-based strategies for the implementation of security controls and remediation of vulnerabilities.
• Evaluate and provide input on system boundaries, common controls, the security categorization of information systems, and the applicable security control baseline based on system categorization.
• Review the cyber/system/network security documentation and evidence for accuracy and completeness.
• Lead Post Assessment Meetings with clients.
• Offer Plan of Action and Milestones (POA&M) support to guarantee that mitigations are completed or that teams are actively addressing all vulnerabilities in a timely manner and in accordance with customer policy timelines.
• Conduct continuous monitoring to ensure that implemented security controls remain effective throughout the information system's lifecycle.
• Undertake additional duties as assigned.
• Must be a US Citizen.
• Must be able to obtain and maintain a favorable suitability determination by the CyberAB.
• Bachelor's degree in Information Technology or a related Cybersecurity field.
• Over 5 years of experience in auditing and/or assessments.
• Comprehensive knowledge of cloud environments (services/security).
• Strong experience with NIST 800-171 and/or NIST 800-53.
• Must possess an active CCP certification listed in the CMMC Marketplace.
• Must hold at least one of the following industry certifications for CCP: CompTIA Security+ (Sec+).
• Must have at least one of the following industry certifications for CCA: Certified Information System Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP+ CE), SecurityX, CompTIA Cybersecurity Analyst (CySA+), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), Mile Two Certified, or Certified Information Systems Security Officer (C|CISSO).
• Paid time off.
• Paid holidays.
• Work-from-home opportunities.
• 401k with matching incentive.
• Competitive medical, dental, and vision benefits.
• Company-provided life insurance.
• Company-provided short-term disability.