Job Summary
We are seeking a highly motivated and detail-oriented Security Control Assessor to join our cybersecurity team. In this pivotal role, you will evaluate and validate the security posture of our IT infrastructure, ensuring compliance with industry standards and government regulations. Your expertise will help safeguard sensitive data, maintain system integrity, and support our organization’s commitment to robust information security practices. This position offers an exciting opportunity to work at the forefront of cybersecurity, applying your technical skills to assess vulnerabilities and recommend improvements across complex network environments.
Responsibilities
- Conduct comprehensive security assessments of IT systems, including cloud infrastructure, on-premises networks, and hybrid environments, utilizing frameworks such as NIST standards, FISMA, and FedRAMP.
- Review and analyze system security plans (SSPs), risk assessments, and vulnerability scans to identify potential weaknesses in network security controls.
- Evaluate the effectiveness of security controls related to firewalls, IDS (Intrusion Detection Systems), SIEM (Security Information and Event Management) tools, PKI (Public Key Infrastructure), and encryption protocols.
- Perform detailed IT auditing procedures to ensure compliance with NIST and FISMA standards specific to the organization’s location and industry requirements.
- Collaborate with system administrators and network engineers to validate configuration settings for information systems on premises, and cloud services such as AWS, Azure, Google Cloud Platform, and PaaS solutions.
- Assist in incident response activities by analyzing security incidents using tools like Splunk or other data analytics platforms; support incident recovery efforts through thorough documentation.
- Develop Security Assessment Plans, present them to leadership, and obtain concurrence prior to engagement.
- Provide detailed assessment reports outlining findings, risk levels, and recommended remediation strategies aligned with cybersecurity best practices.
Skills
- Working experience with NIST 800-53 rev.5a security control assessments.
- Extensive experience with security analysis methodologies aligned with NIST standards (e.g., SP 800-series), Risk Management frameworks.
- Working knowledge of conducting assessment interviews, requesting specific demos, and shoulder surfing to validate security control implementation.
- Knowledge of cloud computing security architectures including AWS, Azure, Google Cloud Platform; experience with cloud infrastructure security best practices.
- Hands-on experience with assessing system administration across Windows, Linux/Unix environments (including macOS) and databases.
- Familiarity with cybersecurity tools such as FIPS-compliant encryption modules, attack frameworks (e.g., MITRE ATT&CK), vulnerability research techniques and computer forensics.
- Ability to interpret complex technical data related to FISMA compliance requirements; strong analytical skills for data analysis and reporting.
- Excellent communication skills to clearly articulate technical findings to both technical teams and executive stakeholders; ability to work within an Agile development environment supporting SDLC processes.
- Experience in creating Plan of Act
Join us in protecting vital information assets by applying your expertise in cybersecurity assessment! This role is ideal for professionals passionate about advancing organizational security posture through rigorous evaluation and continuous improvement efforts in a dynamic environment committed to excellence in information security management.
Pay: $70.00 - $85.00 per hour
Work Location: Remote