Security Control Assessor
About The Position
*** This role is for a full-time W2 employee. The role is not open to C2C or agencies. ***
This role is 80% remote & 20% on-site - requiring 1-day/week in downtown Washington DC.
Dragonfli Group is a cybersecurity firm that launched in 2008 with proven capabilities that assists clients in securing their mission-driven assets through cost-effective and automated manners. With multiple cybersecurity industry awards to our name, we are proud of the team we are growing and are seeking more driven and innovative cybersecurity professionals to join our Cyber Risk Practice.
As a valued member of our highly talented client service team, you will have the opportunity to work in a dynamic, collaborative environment where you will fortify organizations against cyberintruders, protect critical information, and strengthen resilience against malicious actors. We look forward to meeting you and supporting your success in a rewarding career.
The Security Control Assessor will work across multiple functional teams (i.e., both technical and non-technical) in the assessment, development, and implementation of security controls pertaining to sensitive data/information for a major US government agency. The ideal candidate will have experience working in a client-facing position (i.e., strong communication skills, positive attitude), working knowledge of Risk Management Framework (RMF), specifically in NIST 800-53, and the ability to establish/maintain ATO packages and their associated artifacts. We are looking for a passionate information security professional who flourishes at being in the forefront of new ideas and has a desire to apply automated and cutting-edge practices.
- Manage and maintain Government authorizations to operate (ATO).
- Create and update artifacts (i.e., SSP, hardware/software lists, PPSM, ISAs).
- Maintain communication with project engineers on the implementation of security controls and policy enforcement.
- Engage with the security control assessor (SCA) from the authorizing official (AO) office.
- Evaluate, develop and/or implement information assurance guidelines and procedures as required.
- Recommend security solution mitigations and enhancements supporting information assurance guidelines and customer requirements.
- Perform risk analysis of computer systems and applications during all phases of the system development life cycle.
- Ensure that all information systems meet or exceed compliance requirements.
- Identify, report, and ensure the resolution of security violations.
- Monitor and review the regular updates/upgrades to equipment and procedures in order to maintain pace with IA requirements and business needs.
- 5-8 years’ experience working as Security Control Assessor
- Ability to pass a US government NACI clearance process
- Ability to effectively communicate with various stakeholders and team members
- Strong understanding of the Risk Management Framework (RMF) process and solid understanding of the System Development Life Cycle (SDLC)
- In-depth exp. with NIST CSF and 800-53 r5 framework
- Experience using CSAM
- Experience auditing and performing control assessments
- Experience using scanners or ability to assess vulnerability scan reports (i.e., Nessus)
- Demonstrated experience having taken a package from creation to full ATO
- Demonstrated analytical and problem-solving skills
- Experience with large scale technology organizations
- Certified Information Systems Security Professional (CISSP)
- Ability to identify needed changes to processes and activities and help to implement continuous improvement solutions
- Have experience creating various types of vulnerability and assessment scans with multiple tools
- Experience with OSCAL
- Insurance – Health, Dental, & Vision
- Disability Insurance
- Flexible spending account
$110,000 - $130,000 annualized salary based on qualifications, skills, and previous experience.