Security Control Assessor

Job#: 3021496

Job Description:

For immediate response, please send to : WORD resume, desired hourly/salary rate, and best time to speak! Please include job ID as well.

Job ID: 3021496

Position: Security Control Assessor

Location: Washington, DC (100% ONSITE)

Duration: Long Term Contract, potential Contract to Hire

MUST HAVES:

• Must be able to obtain and maintain a Secret Clearance | Bachelor's & 5+ Years of Experience | IAT Level II Certification (please send copy)
• Experience STIG Viewer, eMASS, building ATO packages, developing test plans
• Has worked within a Cloud environment (highly preferred)

The Opportunity:

We are seeking a skilled and detail-oriented Security Control Assessor and Validator to join our team. The successful candidate will be responsible for evaluating, testing, and validating the effectiveness of security controls within our organization's information systems and networks, with a strong emphasis on applying the Risk Management Framework (RMF).

Responsibilities:

The Security Control Assessor will be responsible for the following:

• Provide the United States Coast Guard (USCG) with tailored documentation to support their security authorization.
• Independent assessor for Risk Management Framework Steps 0 to 7.
• Plan and execute security control assessments for various information systems within the organization.
• Develop and maintain assessment procedures and methodologies aligned with NIST guidelines and other relevant frameworks.
• Analyze and evaluate the effectiveness of implemented security controls.
• Identify vulnerabilities, weaknesses, and potential risks in information systems and infrastructure.
• Prepare detailed Security Assessment Reports (SARs) documenting findings and recommendations.
• Collaborate with system owners, ISSOs, and other stakeholders throughout the assessment process.
• Verify the implementation of remediation actions and conduct follow-up assessments as needed.
• Provide expert advice on the development and maintenance of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms).
• Stay current with evolving cybersecurity threats, technologies, and best practices.
• Validate security control implementation and provide test results.
• Hands-on experience in assessing RMF Step 4 and performing continuous monitoring.
• Examine security control weaknesses and determine if they are producing the desired intent.
• Deep understanding of Vulnerability Management practices.

Required Qualifications:

• Intimate understanding of NIST RMF implementation guidance.
• Hands-on experience with using eMASS or similar Information Assurance tools.
• Experience analyzing vulnerability scans and STIG implementations.
• Knowledge/Familiarity with DoD 8500, DoD 8510, DHS 4300 A and B, NIST SP 800-18, 60, 70, 53, 53A, 137, IACS, CMRS, COAMS, JIMS, Swimlane, Governance, Risk, and Compliance, POA&M (i.e., Management, Assessment, etc.), ERS, FISMA, Knowledge Service, ACAS, Tanium, Power BI, Project/Program Management, TASKORD (i.e., FRAGO, CTO, etc.), and Data Calls (i.e., OIG Audit, etc.)

Desired:

• Well-developed understanding of Systems Development Lifecycle (SDLC) and ideally the DHS Systems Engineering Lifecycle (SELC) process as it relates to Security Assessment and Authorization (SA&A).
• Relevant DOD, DHS or .gov Cyber Security Information Assurance focused experience with specific current hands-on experience researching, writing, and submitting complete documentation packages for new system authorizations.

EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or .

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process. Click for more details.

Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.