
Security Controls Assessor – Hybrid
Coalfire
full-time
Posted on:
Location Type: Hybrid
Location: Washington, District of Columbia, United States
About the role
- Perform security reviews, identify gaps in security architecture, and develop a Security Assessment Plan and Security Assessment Report.
- Utilize the examine, interview, and test methodology to determine if control implementation meets Federal and Agency requirements.
- Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
- Provide weekly updates on assessment status.
- Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
- Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
- Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risks.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
- Assess the effectiveness of security controls.
- Assess all the configuration management (change configuration/release management) processes.
Requirements
- Completed Bachelor’s degree from an accredited university, preferably in an IT related field.
- Ability to obtain a clearance or a Public Trust is preferred; however, all clearance levels and non-cleared applicants will also be considered.
- One or more of the following: CISSP, CISM, Security+, CISA, CAP, or equivalent industry recognized cybersecurity certification.
- A minimum of 5+ years of hands-on experience with Security Controls Assessor (SCA) duties: performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise databases, leading to successful security authorization of those systems.
- Knowledge of GRC tools (e.g., Xacta).
- Knowledge of the NIST Cybersecurity Framework.
- Cloud and/or engineering-related certifications.
Benefits
- paid parental leave
- flexible time off
- certification and training reimbursement
- digital mental health and wellbeing support memberships
- comprehensive insurance options
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to improve ATS matches.
Hard Skills & Tools
security reviews, security architecture, Security Assessment Plan, Risk Management Framework, security controls, configuration management, systems security assessments, security documentation, security upgrades, cybersecurity development
Soft Skills
communication, organizational, interpersonal, leadership
Certifications
CISSP, CISM, Security+, CISA, CAP