
Security Controls Assessor
Posted 6 days ago

This is a fully remote position, open to applicants in the United States.
• Develop a System Security Plan (SSP) based on NIST 800-53 Rev 5.
• Create or update the relevant documents as specified by NIST 800-53 Rev 5, particularly the Security Assessment Report (SAR).
• Create or update the corresponding Plan of Actions and Milestones (POA&M).
• Provide comprehensive security-related reports that include data, analysis, and conclusions upon the completion of tests, scans, and assessments, along with mitigative actions and, when necessary, appropriate escalation of identified risks and vulnerabilities.
• Verify and document the implementation of security controls essential for achieving compliance.
• Keep management informed of potential areas of concern, both verbally and in writing.
• Review and develop System Security Plans (SSPs), Plans of Actions and Milestones (POA&Ms), and other required documentation.
• Facilitate the Plan of Actions and Milestones (POA&M) program to ensure customer systems have accurately and completely provided information for POA&M activities, including valid remediation of findings.
• Develop various policy documents (SOPs/CONOPs) as needed. This may encompass policies related to Configuration Management, Information System Sanitization, Media Security, Password Policy, Business Continuity, Continuity of Operations, Incident Response, Disaster Recovery, and Security Assessments.
• Develop new information security and risk policies while enhancing existing ones.
• Initiate and lead ongoing information security maturity assessment processes and training, utilizing industry-accepted frameworks and integrating them into the overall cyber security strategy.
• Produce and review key performance indicators for implemented security measures and distribute these KPIs.
• Stay informed about the threat landscape by monitoring threat intelligence and other relevant sources.
• Over 5 years of directly relevant experience in IT security compliance.
• Recent experience with NIST 800-53 Rev 5 "Security and Privacy Controls for Federal Information Systems and Organizations."
• Knowledge of cloud computing security.
• Familiarity with security governance and policy.
• Proficiency in security risk analysis.
• Experience with auditing and monitoring systems.
• Knowledge of scanning and vulnerability management systems.
• Expertise in Advanced Malware Protection.
• Understanding of threat intelligence.
• Experience in incident management, including analysis, detection, and handling of security events.
• Proficiency in penetration testing and related tools (e.g., nmap, Metasploit, etc.).
• Bachelor’s Degree in Computer Science or a related technical discipline, or an equivalent combination of education, professional training, or work experience (preferred).
• Military and/or practical job experience may be accepted in lieu of formal education, along with significant industry certifications.
• Competitive salary and comprehensive health benefits.
• Opportunities for professional development and training.
• A supportive work environment with a focus on work-life balance.
• Access to the latest tools and technologies in the field.
Arcetyp LLC