Step 4 Security Controls Assessor – FedRAMP SME
1 day ago
ECS is seeking a Step 4 Security Controls Assessor – FedRAMP SMEto work in our Washington, DCoffice.Review and update existing information security policy, standards, and procedures based on federal and departmental regulations.Perform independent security and privacy control assessments in support of Security Assessment & Authorization (SA&A).Conduct assessments of existing and new FISMA systems, including subsystems in the respective system boundary, and communicate the results and potential implications of identified control weaknesses.Reviews and analyze, Assessment & Authorization (A&A) packages to include System Security Plans (SSP), Risk Assessments, Information System Contingency Plans (ISCP), Back-up Standard Operating Procedures (SOP), Incident Response Plans (IRP), Configuration Management Plans, (CMP), Hardware/Software lists, Network Diagrams, Data Flows, System Change Requests/Proposals, Vulnerability scan reports, test reports, and Plan of Actions & Milestones (POA&Ms) for completeness, accuracy, and document effectiveness of controls, plans and procedures implementation.Create and maintain test cases for security assessment testing and perform security testing at the control-requirement level for each unique component of each system (e.g., application, web application server, financial systems, database server/instance, operating systems, specialized appliances, network and infrastructure devices, and end-user devices (e.g., mobile phones, laptops, etc.).Develop and execute a security and privacy assessment plan in accordance with NIST SP 800-53A, as amended, requirements, for each security assessment project. SA&A activities shall include support for RMF steps 4-6Document and provide findings and recommendations that are concise, system-specific, and actionable.Analyze security tool reports and determine residual risk or false positives from technical reports and artifacts before assigning findings.Salary Range: $145,000 - $160,000General Description of BenefitsRequirements:Ten (10+) years experience in the cybersecurity field.Three (3+) years plus experience performing security control assessments in FedRAMP cloud environment.Experience in planning assessments and be a senior member in a team of security control assessorsExperience in presenting control requirements and deficiencies to both technical and non-technical audiences.Experience performing detailed, full-scope technical security control testing for each of the component types, including development of security and privacy assessment plans is required.Ability to analyze information system configurations and technical specifications against NIST SP and other overlaysPossesses a strong understanding of the NIST Special Publication security and privacy controls, the NIST Cybersecurity Framework and other information security and privacy laws and regulations.Experience with development and writing of risk-based documentation.Experience with Step 4 of RMF process- Assessing Security ControlsStrong written and verbal communication skills.Strong communication ability across all levels of management.Bachelor's degree or higher in Computer Science's, MIS/IT, Engineering, Information Security/IA, or related discipline to work requirementACTIVE Secret ClearanceReq Benefits:">
-
Cloud Security Control Assessor
2 weeks ago
Washington, Washington, D.C., United States Steampunk Full timeOverview:Steampunk wants you to be a Cloud Security Control Assessor on our team to support a government customer. The primary responsibilities for the position are to support all security assessment activities that ensure risk within the system is maintained at an acceptable level. The nature of the work requires that the candidate demonstrates initiative,...
-
Security Control Assessor
1 week ago
Washington, Washington, D.C., United States Tyto Athene, LLC Full timeTyto Athene is searching for aSenior Security Control Assessorto support our federal customer in Washington, DC.ResponsibilitiesSupport RMF steps 4 - assess, 5 - authorize, step 6 - monitor controls conducting system security assessments, supporting the system security authorization to operate process, and conducting annual assessments, respectivelyProduce...
-
Security Control Assessor
1 week ago
Washington, Washington, D.C., United States Tyto Athene, LLC Full timeTyto Athene is searching for a Senior Security Control Assessor to support our federal customer in Washington, DC.Responsibilities: Support RMF steps 4 - assess, 5 - authorize, step 6 - monitor controls: conducting system security assessments, supporting the system security authorization to operate process, and conducting annual assessments, respectively...
-
Washington, Washington, D.C., United States ClearanceJobs Full timeJob Description ECS is seeking a Sr. Security Risk Management SME/ Sr. Vulnerability Threat Assessment Analyst to work in our Washington, DC office. Overview ECS is seeking a Security Risk Management Subject Matter Expert (SME) to provide strategic technical advisory services for the Department of State (DOS) Bureau of Diplomatic Technology (DT). This senior...
-
Cloud Solution SME
1 day ago
Washington, Washington, D.C., United States Futran Solutions Full timeJob Title: Cloud Solution SME - Hybrid & Multi-CloudJob Location: Washington DC (fully onsite 5x/week)Length: (C/CTH/DH): 6 Month Contract to Hire*Independent VISA candidates only apply*Position Title:Cloud Solution Subject Matter Expert (SME) – Hybrid & Multi-Cloud* Veterans strongly encouraged to apply.Why is the position open?This role is open to...
-
Washington, Washington, D.C., United States Ramp Full timeAbout RampAt Ramp, we're rethinking how modern finance teams function in the age of AI. We believe AI isn't just the next big wave. It's the new foundation for how business gets done. We're investing in that future — and in the people bold enough to build it.Ramp is a financial operations platform designed to save companies time and money. Our all-in-one...
-
Cloud Solution SME
2 weeks ago
Washington, Washington, D.C., United States Network Designs Full timeAbout NDi:Network Designs, Inc. (NDi) is a leading Federal contractor that specializes in designing, developing, and delivering information technology and network solutions for government customers. Founded in 1985, NDi's firmly defined core values have driven all aspects of the business, which have been paramount to our company's success and the...
-
Deployment Specialist SME
2 weeks ago
Washington, Washington, D.C., United States Peraton Full timeAbout PeratonPeraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our...
-
Senior Security System
1 day ago
Washington, Washington, D.C., United States Tantus Technologies Full timeOverview:Tantus Technologies, Inc. (Tantus) - recognized by the Washington Post as a Top Workplace - is seeking an experienced Senior System Security / Information Assurance Analyst to lead and support enterprise cybersecurity initiatives across complex IT environments. This role is responsible for assessing, developing, and implementing robust security...
-
Cloud Network Security Architect SME
1 day ago
Washington, Washington, D.C., United States TOMORROW HIRE Full timeCloud Network Security Architect SME (TIC 3.0)Location: Fully Remote (East Coast)Clearance: Public Trust, Secret Clearance preferredEmployment Type: Full-timeSalary: $160,000-$190,000Role OverviewThe TIC 3.0 Developer SME will focus on architecting, implementing, and maintaining secure, compliant network environments in AWS with an emphasis on Trusted...
