Security Controls Assessor
1 month ago
Coalfire Federal is a market leading cybersecurity consultancy firm that provides independent and tailored advice, assessments, technical testing and a full suite of cyber engineering services to Federal agency customers. Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with leading cloud and technology providers including Amazon, Microsoft, IBM, Google and Oracle and Federal agencies. Coalfire has been a cybersecurity thought leader for nearly 20 years, and has offices throughout the United States and Europe and is committed to making the world a safer place by solving our clients’ toughest security challenges.
We’re on the lookout for a Security Controls Assessor (SCA) to support our Federal team.
Location
Our clientele is largely in the government space, primarily within the Washington, D.C. / Maryland / Northern Virginia (DMV) areas. While we do offer opportunities that are remote, hybrid, or on-site - a position location and travel may vary based on client needs, and so local candidates may be preferred.
What you'll do
You’ll facilitate Security Control Assessments (SCAs) and possibly other advanced-level Continuous Monitoring Activities likely within cloud-based environments. To succeed in this position, you’ll need a strong understanding of security-related system controls and an understanding of the various testing methods utilized to ascertain the effectiveness of those controls. You will work in a team atmosphere with an experienced Technical Project Lead, and you’ll be assigned technical sections and be able to provide client-ready deliverables.
- Perform security reviews, identify gaps in security architecture, and develop a Security Assessment Plan and Security Assessment Report. Utilize the examine, interview, and test methodology to determine if control implementation meets Federal and Agency requirements.
- Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
- Provide weekly updates on assessment status.
- Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
- Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
- Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
- Assess the effectiveness of security controls.
- Assess all the configuration management (change configuration/release management) processes.
What you'll bring
- Computer networking concepts and protocols, and network security methodologies.
- Risk management processes (e.g., methods for assessing and mitigating risk).
- Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Cybersecurity and privacy principles.
- Cyber threats and vulnerabilities, including application vulnerabilities.
- Specific operational impacts of cybersecurity lapses.
- Authentication, authorization, and access control methods.
- Applicable business processes and operations of customer organizations.
- Capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware.
- Cyber defense and vulnerability assessment tools and their capabilities.
- Server administration and client operating systems engineering theories, concepts, and methods.
- System software and organizational design standards, policies, and authorized approaches (e.g., international organization for standardization [iso] guidelines) relating to system design.
- System life cycle management principles, including software security and usability.
Education
Completed Bachelor’s degree from an accredited university, preferably in an IT related field.
Clearance / Suitability
Ability to obtain a clearance or a Public Trust is preferred, however all clearance levels and non-cleared applicants will also be considered.
Certifications
One or more of the following: CISSP, CISM, Security+, CISA, CAP, or equivalent industry recognized cybersecurity certification.
Years of Experience
- At minimum 5+ years of hands-on work experience with Assessor (SCA) duties; performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful security authorization of such systems.
Bonus Points
- Knowledge of GRC tools e.g., Xacta
- Knowledge of the NIST Cybersecurity Framework
- Cloud and or engineering related certifications
Why you'll want to join us
Our people make Coalfire Federal great. We work together on interesting things and achieve exceptional results. We act as trusted advisors to our customers and are committed to client-focused innovation as well as innovation in the industries that we serve.
Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more.
You’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support memberships, and comprehensive insurance options.
Coalfire is an EEO employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
-
Security Control Assessor
4 weeks ago
Washington, United States Paragon IT Professionals Full timeParagon IT Professionals is seeking a Security Control Assessor for a long term contract. This is a remote position.*Must have Active DoD Secret Clearance and/or clearable for a Government Security Clearance.*Security Control AssessorThis new multi-year contract in conjunction with our existing portfolio of Government Risk Compliance customers has led to the...
-
Security Control Assessor II
1 month ago
Washington, United States Watermark Risk Management International, LLC Full timeJob Title: Security Control Assessor IIWatermark Risk Management International, LLC is seeking a highly skilled Security Control Assessor II to join our team. As a Security Control Assessor II, you will be responsible for conducting comprehensive assessments of management, operational, and technical security controls to determine their effectiveness in...
-
Security Controls Assessor
1 month ago
Washington, United States Coalfire Federal Full timeCoalfire Federal is a market leading cybersecurity consultancy firm that provides independent and tailored advice, assessments, technical testing and a full suite of cyber engineering services to Federal agency customers. Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with leading...
-
Security Control Specialist
1 month ago
Washington, United States Govcio LLC Full timeJob Title: Security Control AssessorGovCIO is seeking a highly skilled Security Control Assessor to join our team. As a Security Control Assessor, you will be responsible for conducting security control assessments of information systems and their environments of operation.Responsibilities:Conduct security control assessments to identify weaknesses and...
-
Security Control Specialist
4 weeks ago
Washington, United States Paragon IT Professionals Full timeSecurity Control Assessor Job DescriptionParagon IT Professionals is seeking a highly skilled Security Control Assessor to support our clients in the government sector. This is a remote position that requires a strong understanding of cybersecurity standards and regulations.Key Responsibilities:Apply comprehensive knowledge of cybersecurity concepts,...
-
Security Control Specialist
4 weeks ago
Washington, United States Insight Global Full timeJob SummaryWe are seeking a highly skilled Security Control Specialist to join our team at Insight Global. As a Security Control Specialist, you will be responsible for conducting security control assessments of all NIST 800-53 controls, reviewing and approving security plans, and performing configuration management of client central repositories.Key...
-
Security Controls Specialist
1 month ago
Washington, United States Coalfire Federal Full timeJob Title: Security Controls AssessorCoalfire Federal is a leading cybersecurity consultancy firm that provides independent and tailored advice, assessments, technical testing, and a full suite of cyber engineering services to Federal agency customers. With an unparalleled client list and deep customer relationships with leading cloud and technology...
-
Security Control Assessor
5 hours ago
Washington, United States General Dynamics Information Technology Full timeType of Requisition:RegularClearance Level Must Currently Possess:Top Secret/SCIClearance Level Must Be Able to Obtain:Top Secret SCI + PolygraphSuitability:Public Trust/Other Required:NoneJob Family:Information SecurityJob Qualifications:Skills:Information Security, Information Security Management, Information System SecurityCertifications:CASP CE+ -...
-
Security Control Assessor
4 days ago
Washington, United States General Dynamics Information Technology Full timeType of Requisition:RegularClearance Level Must Currently Possess:Top Secret/SCIClearance Level Must Be Able to Obtain:Top Secret SCI + PolygraphSuitability:Public Trust/Other Required:NoneJob Family:Information SecurityJob Qualifications:Skills:Information Security, Information Security Management, Information System SecurityCertifications:CASP CE+ -...
-
Security Control Specialist
1 month ago
Washington, United States General Dynamics Information Technology Full timeJob SummaryThe Security Control Assessor is a critical role within our organization, responsible for ensuring the effectiveness of our security controls. As a key member of our team, you will conduct comprehensive assessments of our management, operational, and technical security controls to identify areas for improvement.Key ResponsibilitiesConduct thorough...
-
Security Control Specialist
1 month ago
Washington, United States Bering Straits Native Corporation (BSNC) Full timeJob Title: Security Control AssessorJob Summary:Bering Straits Native Corporation (BSNC) is seeking a highly skilled Security Control Assessor to join our team. As a Security Control Assessor, you will be responsible for guiding system owners and designated IT security personnel in fulfilling Federal Information Security Management Act (FISMA)...
-
Security Control Specialist
4 weeks ago
Washington, Washington, D.C., United States Watermark Risk Management International, LLC Full timeJob Title: Security Control Assessor IIWatermark Risk Management International, LLC is seeking a highly skilled Security Control Assessor II to join our team. As a Security Control Assessor II, you will be responsible for conducting comprehensive assessments of management, operational, and technical security controls to determine their effectiveness in...
-
Lead Security Device Assessor
2 weeks ago
Washington, United States Valiant Solutions Full timeJob Title: Lead Security Device AssessorValiant Solutions is seeking a highly skilled and experienced Lead Security Device Assessor to join our team in the Washington DC Metro area. As a key member of our security team, you will be responsible for conducting thorough security assessments of our clients' devices and systems, identifying vulnerabilities, and...
-
Lead Security Device Assessor
2 weeks ago
Washington, United States Valiant Solutions Full timeJob Title: Lead Security Device AssessorValiant Solutions is seeking a highly skilled and experienced Lead Security Device Assessor to join our team in the Washington DC Metro area. As a key member of our security team, you will be responsible for assessing and evaluating the security of our clients' devices and systems.Key Responsibilities:Perform...
-
Security Controls Engineer
4 weeks ago
Washington, Washington, D.C., United States ManTech Full timeSecure Our Nation, Ignite Your FutureAt ManTech, we're seeking a highly skilled Security Controls Engineer to join our team in the DMV area. As a key member of our security team, you'll play a critical role in assessing and implementing security controls to protect our nation's security.Responsibilities:Assess and engineer security controls to meet system...
-
Security Controls Engineer
2 weeks ago
Washington, Washington, D.C., United States ManTech Full timeJob SummaryWe are seeking a highly skilled Security Controls Engineer to join our team at ManTech. As a key member of our security team, you will be responsible for assessing and implementing security controls to ensure the protection of our information systems.Key ResponsibilitiesAssess management, operational, and technical security controls employed...
-
Security Controls Engineer
2 months ago
Washington, Washington, D.C., United States ST2 ManTech Advanced Systems Intl Full timeJob SummaryST2 ManTech Advanced Systems Intl is seeking a highly skilled Security Controls Engineer to join our team. As a Security Controls Engineer, you will be responsible for assessing and implementing security controls to ensure the confidentiality, integrity, and availability of sensitive information.Key ResponsibilitiesAssess and implement security...
-
Assessor Staff
4 weeks ago
Washington, United States iTech Solutions Full timeLocation: Washington, DC (2 days a week onsite)Description:Assessor Staff must hold in good standing at least one (1) of the following IT Professional Certifications (or equivalent):o GIAC Systems and Network Auditor ( GSNA )o ISC2 Certified Authorization Professional ( CAP )o ISC2 Certified Information System Security Professional ( CISSP )o ISACA Certified...
-
Facility Condition Assessor
1 week ago
Washington, Washington, D.C., United States Omniscius Consulting Full timeJob OverviewOmniscius Consulting is seeking a skilled Facility Condition Assessor to join our team in Washington, DC.This role involves conducting thorough inspections of large, complex buildings and facilities to assess their condition and identify areas for improvement.The ideal candidate will have expertise in multiple areas of construction and be...
-
Facility Condition Assessor
5 days ago
Washington, Washington, D.C., United States Omniscius Consulting Full timeWe are seeking a skilled Facility Condition Assessor to support our customer in Washington, DC. This hybrid position involves performing inspections on large, complex, and diverse buildings/facilities.The role requires expertise and knowledge in multiple areas of construction to identify inventory and assess the condition of individual facility systems and...
