Jan 23
Dept of Homeland Security
Mid Level Career (5+ yrs experience)
IT - Security
Arlington, VA (On-Site/Office)
This role is 5 days per week onsite in Arlington, VA.
Position title: Security Assessor
Requirements:
5+ years of independent security assessment experience
4-year degree from an accredited college or university in business/engineering
Minimum of two (2) years of FISMA experience.
Federal IT security assessment experience highly recommended
Duties and Responsibilities:
Conducting independent security assessments of Federal IT environments (on-premises and cloud, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) systems) and applications.
Leading and conducting assessment meetings as required.
Conducting independent assessments of security controls as documented in the System Security Plan (SSP).
Conducting risk assessments based on findings of security controls assessments.
Developing the Security Assessment Report (SAR), documenting Plans of Action and Milestones (POA&Ms), and developing Executive Summaries (ES).
Technical Skills:
Experience with RMF and applying the NIST Cybersecurity Framework.
Experience using CSAM in an RMF Assessor role.
Solid understanding and application of NIST Special Publications including SP 800-53, SP 800-137, SP 800-171, and SP 800-37. Experience with Federal Risk and Authorization Management Program (FedRAMP).
Experience assessing systems and applications deployed in local and cloud environments following federal guidelines and best practices.
Ability to work cooperatively and at a technical level with developers, engineers, and managers on system teams.
Knowledge of computer networking concepts, protocols, and network security methodologies.
Knowledge of risk management processes and tools (e.g., methods and tools for assessing and mitigating risks).
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy in a federal environment.
Knowledge of current and past cybersecurity threats and vulnerabilities.
Professional Skills:
Ability to effectively manage and prioritize multiple tasks and duties simultaneously while effectively coordinating and ensuring that scheduled delivery dates and milestones are achieved.
Ability to communicate effectively in an accurate and concise manner, through written and verbal means, to system teams and to product and cybersecurity leadership.
Ability to take initiative on assigned systems and related tasks and work with minimal supervision.
Ability to work and collaborate as part of an integrated team with diverse backgrounds.