Junior Security Assessor
Location - Washington, DC
This position requires travel within the U.S. one week a month.
The Jr. Security Control Assessor (SCA) is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls.
The Security Control Assessor will provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities.
- Perform assessment of information systems, based upon the Risk Management Framework (RMF).
- Conduct security testing and security control assessments on federal applications and general support systems to ensure compliance with the NIST SP 800-53 Rev. 4, NIST 800-37 Rev. 1, and agency-specific requirements.
- Evaluate Authorization packages and make authorization recommendations.
- Review and compile the security control implementations, test results, Security Assessment Reports (SARs), Plan of Action and Milestones (POA&M), risk acceptance recommendations, and risk mitigation strategies to support the recommendation for client risk acceptance authorization decisions.
- Technically assess both major application and general support system security configurations and implementation.
- Analyze results from vulnerability scanning tools such as Nessus, HP WebInspect, QualysGuard, AppDetective, and Burp Suite.
- Experience reviewing/updating SSPs.
- Associate’s or Bachelor’s degree and 3-5 years of related work experience.
- 2+ years conducting security control assessments based on NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev. 1.
- 1+ year of experience conducting analysis of vulnerability scan results.
- 1+ year of experience reviewing Security Assessment Plan (SAP), the System Security Plan (SSP), and the Security Control Traceability Matrix (SCTM).
- Possesses and applies comprehensive knowledge on multiple complex work assignments.
- Assignments may be broad in nature, requiring originality and innovation in determining how to accomplish tasks.
- Operates with appreciable latitude in developing methodology and presenting solutions to problems.
- Contributes to deliverables and performance metrics where applicable.