Role Description

We have an opening for a full-time Security Control Assessor to join our talented, dynamic team in support of the Department of Veterans Affairs. As a Security Control Assessor, you will be trusted to support the delivery of our cybersecurity solutions and services. In this role, you will be a part of a security control assessment team working on the tasks outlined below. Veterans are encouraged to apply.

Responsibilities:

• Lead a small team in coordinating and conducting security control assessment activities, stakeholder interviews, and report generation.
• Conduct independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).
• Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
• Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
• Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

Qualifications

• Bachelor's degree in computer science, electronics engineering or other engineering or technical discipline is required, and will accept relevant experience in lieu of degree.
• 2+ years hands-on experience with Cybersecurity policy, risk management, or security and privacy control assessments.
• Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Knowledge of system and application security threats and vulnerabilities.
• Knowledge of Personally Identifiable Information (PII), Payment Card Industry (PCI), and Personal Health Information (PHI) data security standards.

Requirements

• Experience with security control assessments within the VA using the NIST Risk Management Framework (RMF) is a plus.
• Certifications such as SCA and CISA are a plus.
• Exceptional written and verbal communication skills.
• Strong planning, organizational, and time management skills.
• Exceptional analytical and conceptual thinking skills.
• Ability to work collaboratively with a team of peers.

Benefits

• Traditional and HSA-eligible medical insurance plans.
• 100% employer-paid dental and vision insurance options.
• 100% employer-sponsored STD, LTD, and life insurance.
• 5% 401(k) company matching.
• Flexible schedules and teleworking options.
• Paid holidays and PTO Accrual Plans.
• Paid Parental Leave.
• Professional development and career growth opportunities.
• Team and company-wide events, recognition, and appreciation.