Security Control Assessor
About The Position
*** This role is for a full-time W2 employee. The role is not open to C2C or agencies. ***
This role is 80% remote & 20% on-site - requiring 1-day/week in downtown Washington DC.
Company Overview
Dragonfli Group is a cybersecurity firm, launched in 2008, with proven capabilities that assist clients in securing their mission-driven assets in a cost-effective and automated manner. With multiple cybersecurity industry awards to our name, we are proud of the team we are growing and are seeking more driven and innovative cybersecurity professionals to join our Cyber Risk Practice.
As a valued member of our highly talented client service team, you will have the opportunity to work in a dynamic, collaborative environment where you will fortify organizations against cyber intruders, protect critical information, and strengthen resilience against malicious actors. We look forward to meeting you and supporting your success in a rewarding career.
Role Description
The Security Control Assessor will work across multiple functional teams (both technical and non-technical) in the assessment, development, and implementation of security controls pertaining to sensitive data/information for a major US government agency. The ideal candidate will have experience working in a client-facing position (e.g., strong communication skills, positive attitude), working knowledge of the Risk Management Framework (RMF), specifically NIST 800-53, and the ability to establish and maintain ATO packages and their associated artifacts. We are looking for a passionate information security professional who flourishes at the forefront of new ideas and has a desire to apply automated and cutting-edge practices.
Responsibilities
- Manage and maintain Government authorizations to operate (ATO).
- Create and update artifacts (e.g., SSP, hardware/software lists, PPSM, ISAs).
- Maintain communication with project engineers on the implementation of security controls and policy enforcement.
- Engage with the security control assessor (SCA) from the authorizing official (AO) office.
- Evaluate, develop and/or implement information assurance guidelines and procedures as required.
- Recommend security solution mitigations and enhancements supporting information assurance guidelines and customer requirements.
- Perform risk analysis of computer systems and applications during all phases of the system development life cycle.
- Ensure that all information systems meet or exceed compliance requirements.
- Identify, report, and ensure the resolution of security violations.
- Monitor and review the regular updates/upgrades to equipment and procedures in order to maintain pace with IA requirements and business needs.
Requirements
Minimum:
- 5-8 years' experience working as a Security Control Assessor
- Ability to pass a US government NACI clearance process
- Ability to effectively communicate with various stakeholders and team members
- Strong understanding of the Risk Management Framework (RMF) process and solid understanding of the System Development Life Cycle (SDLC)
- In-depth experience with the NIST CSF and the 800-53 r5 framework
- Experience using CSAM
- Experience auditing and performing control assessments
- Experience using vulnerability scanners or the ability to assess vulnerability scan reports (e.g., Nessus)
- Demonstrated experience having taken a package from creation to full ATO
- Demonstrated analytical and problem-solving skills
- Experience with large scale technology organizations
Preferred:
- Certified Information Systems Security Professional (CISSP)
- Ability to identify needed changes to processes and activities and help to implement continuous improvement solutions
- Experience creating various types of vulnerability and assessment scans with multiple tools
- Experience with OSCAL
Benefits
- Insurance – Health, Dental, & Vision
- Disability Insurance
- Flexible spending account
- 401K
- PTO
Salary
$110,000 - $130,000 annualized salary based on qualifications, skills, and previous experience.