What are the responsibilities and job description for the Senior Security/Technical Risk Asssessor position at Chameleon Integrated Services?
We are a growing information technology company that offers its employees a culture of success, the chance to work on revolutionary federal IT infrastructure, and the opportunity to grow alongside cutting-edge technology that is reshaping the industry. We are seeking forward thinking candidates that have strong experience in operational support and can help take to the next level in a pro-active stance.
Chameleon Integrated Services has expertise in operations management, quality systems, data operations and cybersecurity. We secure some of the most sensitive data for the Department of Defense and for other U.S. federal government agencies. We are known for the great care we take with clients and employees, and we believe in promoting from within.
We offer a Full Benefits package including:
- Competitive Employee Health Insurance options including dental
- 100% company paid vision plan
- 401K plan with generous company match and no vesting period
- 100% company paid life insurance
- 100% company paid long and short-term disability insurance
- Training allowance
- PTO and more
The Position:
Chameleon Integrated Services is currently looking for a Senior Security/Technical Risk Assessor to support one of our state level client in Jefferson City, MO.
This is a hybrid role that requires you to live within 50 miles of Jefferson City, MO.
Overview:
The Senior Security/Technical Risk Assessor will be responsible for performing advanced technical and analytical assessments of State of Missouri information systems, data exchanges, and network configurations supporting the MO HealthNet Division (MHD) and Information Technology Services Division (ITSD). Identify vulnerabilities, quantify risk exposure, and produce actionable mitigation recommendations. Work under the direction of the Project Manager/Lead Risk Assessment Manager to develop formal Security Assessment Reports (SARs), Risk Registers, and Mitigation Plans consistent with NIST and CMS MARS-E standards.
Responsibilities:
- Conduct end-to-end technical vulnerability assessments and threat modeling for applications, databases, interfaces, and network segments supporting Medicaid operations.
- Evaluate implemented controls against NIST SP 800-53, NIST SP 800-30, HIPAA Security Rule, CMS MARS-E, and ISO/IEC 27005 control baselines.
- Execute authenticated and unauthenticated scans using authorized tools such as Tenable Nessus, ACAS, Qualys, or comparable platforms; analyze results for exploitability, configuration drift, and residual risk.
- Assess hybrid infrastructures (on-premises, Azure Gov, AWS GovCloud, vendor-hosted) for compliance with FedRAMP and state security policy.
- Develop and maintain risk documentation packages, including Security Assessment Plans (SAPs), SARs, and detailed POA&M entries.
- Recommend technical, administrative, and procedural controls to reduce identified risk to acceptable thresholds.
- Support workshops, interviews, and documentation reviews with vendors, system owners, and State security officers.
- Provide traceability between findings, control families, and remediation actions to satisfy CMS audit and state oversight requirements.
- Contribute to the preparation of executive summaries and briefings for MHD/ITSD leadership and external auditors.
Skills & Abilities:
- Comprehensive understanding of NIST SP 800-30, NIST SP 800-37 RMF, ISO/IEC 27005, and HIPAA/HITECH frameworks.
- Familiarity with FedRAMP, Azure Government, and AWS GovCloud security control baselines.
- Proficient in developing risk registers, assessment reports, and POA&M tracking for systems containing Protected Health Information (PHI) and Personally Identifiable Information (PII).
- Understanding of AI Risk Management Framework (AI RMF) and its application to analytical systems supporting Medicaid operations.
- Strong analytical, documentation, and technical-writing abilities for drafting SARs, POA&Ms, and mitigation plans.
- Capable of articulating complex technical findings to executive and non-technical stakeholders.
- Team-oriented mindset with disciplined task tracking, version control, and evidence management to support audits.
- Proven reliability in meeting short-turn deliverable deadlines under multi-agency oversight.
- Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, or a related technical discipline.
- Minimum 5 years of cybersecurity or information-assurance experience.
- Minimum 3 years conducting comprehensive security risk assessments or vulnerability analyses for enterprise IT systems or Medicaid-related programs.
- Demonstrated authorship of SARs or equivalent technical deliverables under NIST or ISO frameworks.
Certs:
- CISSP, CISM, CRISC, CISA, CEH, GSEC, or CompTIA Security
The Location: Jefferson City, MO (hybrid)
“We are an equal opportunity employer and all Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status”
Security
The Lumiere of Chesterfield Senior Living... -
Chesterfield, MO
Security
Tutera Senior Living and Health Care -
Chesterfield, MO
Senior Underwriting Specialist, Retail Property
Risk Specialists Companies Insurance Agency, Inc. -
Madison, IL