TestPros, Inc.

Security Controls Assessor - Part time & Remote

TestPros, Inc.

contract

Posted on:

Origin:  • 🇺🇸 United States

Visit company website
AI Apply
Manual Apply

Job Level

Mid-LevelSenior

Tech Stack

CloudCyber Security

About the role

  • Develop NIST 800-53 Rev5 based System Security Plan (SSP).
  • Create/Update the applicable documents identified by NIST 800-53 Rev 5, specifically the Security Assessment Report (SAR).
  • Create/Update the associated Plan of Actions and Milestones (POA&M).
  • Provide detailed security-related reports including data, analyses, and conclusions upon completion of tests, scans, and assessments, including mitigations and, if indicated, appropriate escalation of identified risks and vulnerabilities.
  • Verify and document the implementation of security controls necessary to achieve compliance.
  • Keep management apprised of impending areas of concern, verbally and in writing.
  • Review and develop System Security Plans (SSPs), Plans of Actions and Milestones (POA&Ms), and as well as other necessary artifacts.
  • Facilitate the Plan of Actions and Milestones (POA&M) program to ensure customer systems have accurately and fully provided information for POA&M activities to include valid remediation of findings.
  • Develop various policy documents (SOPs/CONOPs) as required.
  • This may include policies regarding Configuration Management, IS Sanitization, Media Security, Password Policy, Business Continuity, Continuity of Operations, Incident Response, Disaster Recover, and Security Assessments.
  • Develop new, and mature existing information security and risk policies.
  • Initiate, and lead on-going information security maturity assessment processes and training, using industry accepted frameworks and implement into the overall cyber security posture.
  • Produce and review key performance indicators for implemented security measures and distribute KPIs.
  • Maintain knowledge of threat landscape by monitoring threat intelligence, and other related sources.

Requirements

  • 5+ years of directly related experience in IT security compliance, including recent experience with NIST 800-53 Rev 5 "Security and Privacy Controls for Federal Information Systems and Organizations"
  • Cloud computing security
  • Security governance and policy
  • Security risk analysis
  • Auditing and monitoring systems
  • Scanning and vulnerability management systems
  • Advanced Malware Protection
  • Threat Intelligence
  • Incident Management - analysis, detection, and handling of security events
  • Penetration testing and associated tools (e.g., nmap, Metasploit, etc.)
  • Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training, or work experience (preferred)
  • Military and/or practical job experience may be considered in-lieu of formal education, with significant industry certifications