Security Control Assessor

Security Control Assessor
Public Trust
Washington DC (5 days a week on-site)

This role will involve performing security control assessments, utilizing the NIST Risk Management Framework (RMF), and supporting the overall cybersecurity efforts to safeguard systems and information. The ideal candidate will have a strong background in security control assessments, specifically utilizing the NIST RMF and related publications.
This is an on-site position based in the D.C. area with occasional travel.
Responsibilities:
-Perform security control assessments using the NIST Risk Management Framework (RMF) for ATR systems.
-Leverage the Joint Cybersecurity Authorization Management (JCAM) system (formerly CSAM) to conduct assessments, manage security controls, and provide recommendations.
-Collaborate with Information System Security Officers (ISSOs) and other teams to obtain required information and support system security assessments.
-Develop and maintain Plans of Actions and Milestones (POAMs) and provide recommendations for mitigating security risks.
-Review and assess system security documentation, including System Security Plans (SSPs), security assessments, and continuous monitoring activities.
-Conduct vulnerability management activities, including assessing remediation efforts and verifying controls.
-Provide recommendations on account management, configuration management, incident response, cloud computing environments, and contingency planning.
-Maintain and update knowledge of federal security requirements and industry standards.
-Work independently and manage tasks effectively while maintaining flexibility to adapt to changes in tasking.

Personal Skills:
-Analytical: Ability to assess complex security issues and propose solutions.
-Independent: Able to work autonomously with little to no supervision.
-Team-Oriented: Collaborates effectively with ISSOs and other stakeholders.
-Flexible: Adaptable to changes in priorities or tasking.
-Inquisitive: Strong ability to ask the right questions to gather information and clarify requirements.
-Outgoing: Comfortable interacting with multiple teams to gather necessary information and support security efforts.

Job Requirements:
Education & Experience:
-Bachelor's degree with 8+ years of relevant experience. Additional experience may be considered in lieu of a degree.
-Minimum of 3 to 5 years performing security control assessments using the NIST Risk Management Framework (RMF).
-Experience with or Federal Law Enforcement Agency organizations is preferred but not required.
-Knowledge of NIST Risk Management Framework (RMF):
-SP 800-53A Rev. 5: Assessing Security and Privacy Controls in Information Systems and Organizations
-SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations
-SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations
-SP 800-137: Information Security Continuous Monitoring (ISCM)
-SP 800-18 Rev. 1: Guide for Developing Security Plans for Federal Information Systems
-FIPS 200: Minimum Security Requirements for Federal Information and Information Systems
-FIPS 199: Standards for Security Categorization of Federal Information and Information Systems
-Experience with Joint Cybersecurity Authorization Management (JCAM) system (formerly CSAM):
-Use of JCAM for assessment and management of security controls for Federal LEA systems.
-In-depth Knowledge in the following principles:
-Account Management
-Configuration Management
-Vulnerability Management
-Identity Credentials and Authorization Management
-Contingency Plans/Planning
-Audit and Accountability
-Incident Response
-Media Protection
-Cloud Computing Environments
-POAM Creation and Management

Additional Qualifications:
-Active Public Trust clearance or ability to obtain one.
-Ability to travel up to 25% for site assessments, meetings, and other required duties.