
Security Control Assessor – Subject Matter Expert
Freedom
contract
Location Type: Remote
Location: United States
About the role
- Ease Learning is seeking a qualified Subject Matter Expert (SME) with applied, real-world experience as a Security Control Assessor to participate in a skills assessment validation engagement.
- Complete a practitioner-level skills assessment used for validation and standard-setting purposes.
- Complete a short post-assessment survey providing feedback on the assessment experience.
- This role does not involve teaching, instructional design, content creation, or ongoing advisory responsibilities.
Requirements
- The SME should be a current practitioner with applied, real-world experience related to the following knowledge areas and skills:
- Develop methods to monitor and measure risk, compliance, and assurance efforts
- Develop specifications ensuring risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements
- Draft statements of preliminary or residual security risks for system operation
- Maintain information systems assurance and accreditation materials
- Monitor and evaluate system compliance with IT security, resilience, and dependability requirements
- Conduct Privacy Impact Assessments (PIA) for appropriate security controls protecting PII
- Perform validation steps comparing actual results with expected results and analyze differences
- Plan and conduct security authorization reviews and assurance case development
- Provide accurate technical evaluation of software, systems, or networks documenting security posture and vulnerabilities
- Recommend new or revised security, resilience, and dependability measures based on review results
- Verify application/network/system security postures are implemented as stated and document deviations
- Develop security compliance processes and/or audits for external services (e.g., cloud providers, data centers)
- Knowledge of computer networking concepts, protocols, and network security methodologies
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
- Knowledge of cybersecurity principles, cyber threats, and vulnerabilities
- Knowledge of cyber defense and vulnerability assessment tools, including open source tools
- Knowledge of organization's evaluation and validation requirements
- Knowledge of cybersecurity principles used to manage risks related to use, processing, storage, and transmission of data
- Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins
- Knowledge of IT security principles and methods (e.g., firewalls, DMZs, encryption)
- Knowledge of current industry methods for evaluating and implementing IT security assessment and monitoring tools
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, XSS, SQL injection)
- Skill in determining how a security system should work including resilience and dependability capabilities
- Skill in discerning protection needs (security controls) of information systems and networks
- Knowledge of network security architecture concepts including topology, protocols, components (e.g., defense-in-depth, Zero Trust)
- Knowledge of relevant laws, policies, procedures related to critical infrastructure
- Knowledge of risk assessments and authorization per Risk Management Framework processes
- Knowledge of penetration testing principles, tools, and techniques
- Knowledge of security architecture concepts and enterprise architecture reference models
- Knowledge of security models (e.g., Bell-LaPadula, Biba, Clark-Wilson)
Benefits
- This is a flat-fee engagement, paid upon successful completion of the assessment and survey