Security Control Assessor

Apex Systems Alexandria Full-Time

Job Description:

  • Provide Assessment and Authorization (A&A) and Cybersecurity support, including the NIST Risk Management Framework (RMF), in a Federal Agency or Department of Defense (DoD) environment
  • Assess compliance with DoD security technical implementation guides (STIGs)
  • Provide guidance and direction on FISMA-related activities in accordance with NIST 800-37, DHS 4300A, and FedRAMP.
  • Review automated vulnerability scans, security test and evaluation (ST&E), vulnerability assessments, and document findings in Plans of Action and Milestones (POA&Ms) to determine the adequacy and effectiveness of remediation efforts.
  • Review and process Interconnection Security Agreements (ISAs), Policy waivers, Approval to Test (ATT), Interim Approval to Operate (IATO), and Authorization to Operate (ATO) security documents
  • Develop and execute Security Assessment Plans (SAPs)
  • Experience in interpretation and evaluation of implementations of NIST 800-53 rev 4 security controls as satisfied, or other than satisfied.
  • Document security control compliance findings (NIST 800-53 Rev 4) within Requirements Traceability Matrixes (RTMs) and Security Assessment Reports (SARs)
  • Create and maintain RMF Security Documentation packages using eMASS or DHS IACS/Xacta
  • Develop IT architecture deliverables, specific to information security countermeasure implementations, for both operational systems and systems under development
  • Develop IT security policies, standards, and guidance. 

Desired Candidate Qualifications

A successful candidate will become a subject matter expert (SME) in information technology, technical writing, and project management. Candidates should have strong skills in at least one of these three specialties and some experience, professional or otherwise, working with the remaining two areas.

The following is a list of related traits and skills we are looking for in a Security Controls Assessor candidate. First Info Tech does not expect that candidates will necessarily meet all of the items on this list.

  • Basic understanding of information security principles and risk assessment techniques
  • Advanced understanding of IT operations techniques
  • Experience completing or managing to completion projects/tasks/deliverables with minimal supervisory oversight
  • 2 or more years hands-on experience in a Security Control Assessor position, or as a functioning Information System Security Officer (ISSO)
  • Strong familiarity with National Institute of Standards and Technology (NIST) Information Security Publications 800 Series
  • Experience developing and promulgating Security Assessment Plans.
  • Experience as the author of NIST System Security Plans (SSP), Contingency Plans (CP), Incident Response Plans (IRP), etc., is a plus
  • Strong verbal communication and presentation skills. Able to interview engineers on technical subject matter as well as brief executive level stakeholders
  • Advanced writing skills: able to clearly articulate ideas for executive level consumption as well as technical staff consumption
  • Advanced problem-solving skills: able to use prior experience and knowledge to address new situations; especially during interactions with clients
  • IAT-II certified (CompTIA Security+, GSEC, SSCP, or CCNA-Security)
  • Certified Information System Security Professional (CISSP) certification is a plus
  • Experience with DoD Connection Access Points, and ATO processes in both the NIST and DoD environments is a plus
  • Two or more years functioning in an operational IT role with exposure to diverse IT architectures, demonstrating progressive growth of skills and responsibility
  • Bachelor’s degree, and/or demonstrated proficiency and experience in IT Security principles and practices

Position Requirements

  • Candidates must be United States Citizens
  • Minimum Secret level security clearance is required

EEO Employer

Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178.


Job ID: 942703

