Security Control Assessor jobs in Washington

Agile Defense provides leading-edge Digital Transformation solutions to support and advance our customers' mission. We deliver innovative and high-quality services to our customers worldwide through an empowered and engaged workforce.

Requisition #: 252

Job Title: Security Control Assessor

Location: 1155 21st St NW Washington DC, District of Columbia 20581

Clearance Level: Active DHS Public Trust

Required Certification(s): 

·       CISSP, CISA, Associate of ISC2, CRISC, CISM, CAP, Security , or other industry-level cyber certification required.

SUMMARY

The Security Control Assessor (SCA) will support a government agency in the achievement of strategic goals and objectives related to the ongoing execution and maturity of its cybersecurity and Assessment and Authorization (A&A) programs.

The ideal candidate is a detail oriented, self-starter who thrives in fast-paced environments, enjoys working independently or as part of a team, and excels at guiding organizations through the Risk Management Framework process. The SCA has a passion for helping customers mature and measure their systems' security posture and performance and is experienced in the performance of activities, including but not limited to, A&A, Ongoing Authorization (OA), annual control assessment, and Common Control Provider (CCP) program implementation and maturity. In this role, the candidate will also develop and maintain policies, standards, and procedures to ensure compliance while working closely with customer stakeholders, system owners, designated Information System Security Officers, and supporting project teams. The candidate should be able to apply their understanding of FISMA, OMB regulations, and NIST standards to inform system owners and customer leadership of cybersecurity best practices.

JOB DUTIES AND RESPONSIBILITIES

·       Provide independent Security Assessment & Authorization (SA&A) support for agency information systems.

·       Conduct security control assessments for information systems in support of the A&A process according to NIST standards.

·       Maintain the appropriate degree of independence as required by the Authorizing Official, providing an unbiased and independent assessment of the system to ensure security controls adequately meet applicable requirements.

·       Assess the information system based on agency policies and provide recommended corrective actions to reduce risk associated with the system deficiencies and deviations from industry standards.

·       Collaborate with system personnel on identified deficiencies, complete the Security Assessment Report (SAR), and provide security authorization recommendations to the Certifying Official or AO.

SUPERVISORY DUTIES

·       This is a non-supervisory position.

QUALIFICATIONS

Required Certifications

·       CISSP, CISA, Associate of ISC2, CRISC, CISM, CAP, Security , or other industry-level cyber certification required.

Education, Background, and Years of Experience

·       Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems or related field preferred.

·       3 years of experience in cybersecurity, of those, at least 2 years in a GRC role or similar (Technology/IT Audit, Internal Audit, IT Consulting, etc.) supporting the assessment and authorization of systems, including continuous monitoring.

ADDITIONAL SKILLS & QUALIFICATIONS

Required Skills

·       3 years of experience in cybersecurity, of those, at least 2 years in a GRC role or similar (Technology/IT Audit, Internal Audit, IT Consulting, etc.) supporting the assessment and authorization of systems, including continuous monitoring.

·       CISSP, CISA, Associate of ISC2, CRISC, CISM, CAP, Security , or other industry-level cyber certification required.

·       Demonstrated experience with the A&A lifecycle using the NIST RMF.

·       Demonstrated experience and knowledge with assessing CCP Programs.

·       Demonstrated experience and knowledge of FedRAMP and Cloud Service Providers (CSP).

·       Demonstrated knowledge in the field of risk management and compliance to efficiently work on and apply frameworks including ISO, NIST CSF, NIST SP 800-53, NIST SP 800-171, NIST SP 800-137, NIST 1800 series, etc.

·       Demonstrated experience with the evaluation and compliance of security policies to align with OMB, DHS, NIST, CNSS, ICD, Congressional and other cybersecurity mandates, and directives.

·       Experience with Application Security Audits and Risk Scoring.

·       Experience ensuring controls meet legal, regulatory, privacy, policy, standards, and security requirements.

·       Maintains updated knowledge in the field of risk management and compliance to efficiently work on frameworks including NIST CSF, ISO, NIST SP 800-53, NIST SP 800-34 etc.

·       Strong critical thinking, verbal, written, and presentation skills a must.

Preferred Skills

·       Experience with STIG Viewer, SCAP Compliance Checker, Vulnerator, and/or Qualys vulnerability management preferred.

·       Experience with CSAM preferred. 

·       Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering preferred.

WORKING CONDITIONS

Environmental Conditions

·       Contractor site with 0%-10% travel possible. General office environment. Work is generally sedentary in nature but may require standing and walking for up to 10% of the time. The onsite customer working environment is generally favorable. Lighting and temperature are adequate, and there are not hazardous or unpleasant conditions caused by noise, dust, etc. Work at the customer location is generally performed within an office environment, with standard office equipment available.

Strength Demands

·       Sedentary – 10 lbs. Maximum lifting, occasional lift/carry of small articles.  Some occasional walking or standing may be required.   Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.

Physical Requirements

·       Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel; See; Push or Pull

Employees of Agile Defense are our number one priority, and the importance we place on our culture here is fundamental. Our culture is alive and evolving, but it always stays true to its roots. Here, you are valued as a family member, and we believe that we can accomplish great things together. Agile Defense has been highly successful in the past few years due to our employees and the culture we create together. We believe several attributes are the root of our very best employees and extraordinary culture. We have named these attributes “The 6 H’s” – Happy, Helpful, Honest, Humble, Hungry, and Hustle.

Happy: We exhibit a positive outlook in order to create a positive environment.

Helpful: We assist each other and pull together as teammates to deliver.

Honest: We conduct our business with integrity.

Humble: We recognize that success is not achieved alone, that there is always more to learn, and that no task is below us.

Hungry: We desire to consistently improve.

Hustle: We work hard and get after it.

These Core Values are present in all our employees and our organization's aspects. Learn more about us and our culture by visiting us here.

COVID-19 Vaccination Requirements

Agile Defense is subject to federal vaccine mandates or other customer/facility vaccination requirements as a federal contractor. As such, to protect its employees' health and safety and comply with customer requirements, Agile Defense may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)