Cyber Security Consultant

We are seeking an experienced Cybersecurity Security Control Assessor (NIST RMF) to support cybersecurity efforts protecting systems and information. This role focuses on conducting security control assessments using the NIST Risk Management Framework (RMF) and supporting compliance, risk mitigation, and continuous monitoring initiatives.

Key Responsibilities:

• Perform security control assessments using the NIST Risk Management Framework (RMF) for DOJ ATR systems
• Utilize the Joint Cybersecurity Authorization Management (JCAM) system (formerly CSAM) to conduct assessments, manage security controls, and provide risk recommendations
• Collaborate closely with Information System Security Officers (ISSOs) and cross-functional teams to gather required documentation and system details
• Develop, maintain, and track Plans of Actions and Milestones (POA&Ms)
• Conduct vulnerability management activities, including validation of remediation efforts
• Stay current with federal cybersecurity regulations, standards, and best practices

NIST & Federal Security Knowledge:

Strong working knowledge of the following standards and publications from National Institute of Standards and Technology (NIST):

• SP 800-53 Rev. 5 – Security & Privacy Controls
• SP 800-53A Rev. 5 – Assessing Security & Privacy Controls
• SP 800-37 Rev. 2 – Risk Management Framework
• SP 800-137 – Information Security Continuous Monitoring (ISCM)
• SP 800-18 Rev. 1 – System Security Plans
• FIPS 199 & FIPS 200 – Security Categorization & Minimum-Security Requirements