United States onlyQualifications:
- Bachelor’s degree in Information Technology, Computer Science, or other related fields
- Active Top Secret clearance
- Must be familiar with the Risk Management Framework (RMF) and the NIST 800-53 Rev 5 controls.
- Must have experience using CSAM or other RMF approved system of record.
- Conduct an in-depth assessment of the management, operations, and technical security controls.
- Analyze information and prepare reports describing the vulnerability level of the network with specific details as to what compromises data systems.
- 2+ years of experience and hold the AWS Certified Cloud Practitioner certification and or one of the following certifications: CompTIA Security+ certification Certified Ethical Hacker (CEH), CompTIA Advanced Security Practitioner (CASP or CASP+), Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP).
Duties:
- Conduct in-depth assessments of management, operational, and technical security controls within the organization’s IT environment.
- Evaluate systems in both on-premise and cloud-based infrastructures, including Amazon Web Services (AWS) platforms.
- Use tools such as CSAM (Cyber Security Assessment and Management) or other RMF-approved systems of record for documentation and reporting.
- Apply the Risk Management Framework (RMF) in all assessment activities.
- Ensure compliance with NIST 800-53 Revision 5 controls, assessing systems against federal standards for confidentiality, integrity, and availability.
- Develop and maintain plans of action and milestones (POA&Ms) to address identified security gaps.
- Analyze collected data to prepare comprehensive vulnerability assessment reports, outlining the level of risk and potential system compromise.
- Provide specific recommendations and remediation steps for discovered vulnerabilities.
- Create documentation plans to track corrective actions and maintain continuous monitoring.
- Engage in ongoing security monitoring to ensure that previously identified vulnerabilities are resolved and that new threats are promptly detected.
- Support continuous compliance with federal information assurance standards and agency-specific policies.
- Work independently and as part of a team to assess systems, communicate findings, and coordinate with system owners and other stakeholders.
- Present results and recommendations in written and oral formats that can be understood by both technical and non-technical audiences.
