Position Overview:
At Sky Solutions, we are seeking highly motivated and detail-oriented individuals to join our team as Security Controls Assessors. In this role, you will be responsible for performing security controls assessments using NIST guidance in compliance with FISMA regulations. Your primary focus will be on evaluating and enhancing security controls, collaborating with key stakeholders, and generating comprehensive reports to ensure effective risk management.
Security Controls Assessor performs security controls assessments (SCA) using NIST guidance in compliance with FISMA.
Key responsibilities include:
- Interviewing key stakeholders (developers, ISSOs, users, administrators, etc.) to determine security controls implementation.
- Executing security control assessment plan by following provided assessment procedures, collecting and analyzing evidence, and documenting steps taken and findings noted.
- Updating System Security Plan with actual control implementation determined during assessment.
- Developing Security Assessment Report for management staff providing residual risk statement, impact, and suggested corrective actions.
Position Requirements
- Zero to two years of experience performing security assessments and/or audits (both technical and documenting) on information systems.
Theoretical or practical knowledge required in:
- Federal security test and evaluations
- Vulnerability Scanning and Remediation
- Plan of Action and Milestones (POA&M) Management
- System Change Management
- Contingency Plan Creation, Documentation, Implementation, Testing, Maintenance
- Interconnection Security Agreements, MOU, MOAs, Interface Connection Documents
- IT Security Engineering Life Cycle and Release Management
- Certification and Accreditation (C&A) / Security Assessment and Authorization (SA&A)
Familiarity with:
- NIST SP 800-18, 37, 53, 53A, 60
- OMB A-130a
Minimum Education:
- High School Diploma or higher.
- Bachelor's degree in Computer Science, Information Security, or related field preferred.
Core Experience:
- A minimum of 2 years of relevant experience in capturing information security operation or security requirements, and ensuring the requirements are properly addressees through development implementation, and configuration.
- Experience in implementing security controls, configuration changes, and software/hardware updates, vulnerability, and securing configurations within Government organizations, including their infrastructure, responsibilities, programs, and initiatives is preferred.
IT Certification(s)/License(s):
CCNA Security, CySA+/CSA+, GICSP, GSEC, Security+ CE, CND, SSCP, CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP, CAP, CASP+ CE, CISM, GSLC, CCISO, HCISPP, CEH, CySA+/CSA+, GSNA, CFR, PenTest+.
In lieu of a certification, graduation from minimum of a 2 year IT/Cybersecurity program at an accredited college or university may be substituted.
Special Note:
- This position requires a Modest Background Investigation by IRS
- People with existing IRS Clearance would be highly preferred.