We are looking for a Security Controls Assessor to join our team on an upcoming cyber security program supporting our federal client.

Responsibilities Include:

• Security Control Assessments:
  • Conduct Security Control Assessments and provide documentation updates for the supported systems in support of Continuous Monitoring Program.
  • Create / update and maintain all systems A&A documentation consisting of System Security Plan (SSP), Security Assessment Report (SAR), Contingency Plan (CP), etc. to ensure documentation reflects the current status of the system to include, but not limited to, inventory, contact information, descriptions, and security posture.
  • Quarterly reporting of systems security posture based on a number of inputs from different systems and sources.
  • Evaluate, interpret, and incorporate new customer and NIST technical control standards into A&A documentation as control standards are published.
  • Perform Quality Assurance support on systems security documentation.
  • Perform Independent Verification and Validation (IV&V) on artifacts as needed.
  • Streamline process through use of centralized authoritative source.
  • Automate data collection and ingest where possible to gain efficiency.
• Technical Continuous Monitoring:
  • Support Information System Security Officer(s) (ISSO) with technical assessment and Information System analysis in accordance with the customer's risk management framework.
  • Monitor and report technical security controls in accordance with the customer's Continuous Monitoring plan/strategy.
  • Evaluate, interpret, and incorporate new customer and NIST technical control standards into information system boundaries as control standards are published.
  • Perform Quality Assurance support on Information Systems Security controls.
  • Support non-standard technical requests that impact the System or multiple customers, within one (1) business day.
  • Ensure that Personally Identifiable Information (PII) events associated with the Information System boundaries are reported to the Computer Incident Response Center (CIRC) within 1 hour in accordance with the Privacy Breach Response Plan.
  • Ensure that Vulnerability and/or Compliance scans/reports are processed in accordance with the Continuous Monitoring plan/strategy.

Required Qualifications, Experience, and Skills:

• Must be a US Citizen able to obtain an agency-specific Public Trust clearance prior to starting.
• 5-7 years of specialized experience in Cybersecurity and IT.
• Must reside within a commutable distance of Washington, DC or Reston, VA to work onsite as required.
• Significant knowledge in National Institute of Standards and Technology (NIST) Special Publications.
• Significant knowledge in the Federal Risk and Authorization Management Program (FedRAMP).
• Significant exposure to the various cloud platform offerings.
• Experience with Xacta.

Preferred:

• CISSP, CCSP, CIPP, CAP, CASP/GSLC/CISM/CSM or other industry standard security certifications

Cyber Security Innovations (CSI) is an equal opportunity employer committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. As a veteran-friendly employer, we encourage military veterans to apply.

This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. CSI makes hiring decisions based solely on qualifications, merit, and business needs at the time.

CSI participates in the E-Verify Employment Verification Program.