SME Security Control Assessor
Full Time • Hybrid - US
Benefits:
- Competitive salary
About this Role:
We are looking for a SME Security Control Assessor that supports security control assessment activities for HHS-ACF information systems by applying NIST security controls and frameworks to evaluate control implementation and effectiveness. This role is responsible for gathering, organizing, and documenting assessment evidence; conducting security testing and evaluations; and assisting with vulnerability scanning and analysis. The assessor leads security control interviews, supports continuous monitoring activities, and contributes to the development of assessment reports, briefings, and formal deliverables. Additionally, the role maintains assessment documentation and tracking artifacts, reviews security documentation, and assists in the development of Plans of Action and Milestones (POA&Ms). The SME Security Control Assessor I actively participates in team meetings and technical discussions to support compliance, risk management, and overall system security posture.
Key Responsibilities:
- Support security control assessment activities
- Gather and organize assessment evidence
- Document security control implementation
- Conduct security testing and evaluations
- Assist with vulnerability scans and analysis
- Create of assessment reports and briefings
- Maintain assessment documentation and tracking sheets
- Lead security control interviews
- Prepare assessment deliverables
- Applying NIST security controls and frameworks
- Support continuous monitoring activities
- Assist with security documentation review
- Contribute to Plans of Action and Milestones (POA&Ms) development
- Participate in team meetings and technical discussions
Qualifications and Skills:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
- 2+ years of experience in security control assessments
- Basic understanding of cybersecurity principles and concepts
- Knowledge of NIST frameworks and security controls
- Familiarity with common security tools and technologies
- Strong attention to detail
- Excellent organizational skills
- Basic technical writing abilities
- Proficiency in Microsoft Office suite
- Strong analytical and problem-solving skills
- Ability to follow detailed instructions and procedures
- Good communication skills
- Eagerness to learn and develop professional skills
- Basic understanding of networking concepts
- Ability to work effectively in a team environment
- Commitment to maintaining confidentiality and security protocols
- Familiarity with Risk Management Framework (RMF)
Desired Skills and Competencies:
- Security+ certification or in progress
- Basic understanding of FISMA requirements
- Experience with vulnerability scanning tools
- Knowledge of basic scripting or programming
- Familiarity with cloud computing concepts
- Understanding of basic system administration
- Experience with documentation management systems
- Knowledge of compliance frameworks
- Basic understanding of security assessment methodologies
- Familiarity with cybersecurity best practices
- Experience with technical documentation
- Interest in federal government cybersecurity
- Basic understanding of privacy principles
Additional Information:
Employment for this position is contingent upon the candidate being a United States citizen and having the ability to successfully obtain and maintain a Public Trust clearance, in accordance with applicable federal regulations. All hiring decisions will be made in compliance with applicable federal, state, and local laws and regulations
Equal Opportunity Employer:
We are an Equal Opportunity Employer and do not discriminate in employment decisions on the basis of race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, genetic information, veteran status, or any other status protected by applicable federal, state, or local laws. All employment decisions are based on business needs, job requirements, and individual qualifications.
Flexible work from home options available.
About Us
Our Approach
We firmly believe in the uniqueness of every business, necessitating a personalized approach to transformation. This conviction drives us to invest time in comprehending an organization's historical challenges and operational framework. Our commitment is to foster innovation by adopting a tailored strategy that optimizes the utilization of an organization's human resources and data assets. With a wealth of experience, we specialize in guiding organizations through the implementation of post-quantum security, protocols for autonomy, and artificial intelligence.
We are committed to working with clients to positively disrupt, modernize, and transform their organizations and business processes. Noteworthy achievements include initiatives aimed at enhancing human resilience in the food supply chain, leveraging autonomy for streamlined operations, establishing root-of-trust capabilities for high-quality, trusted data, and designing ecosystems and tools for securing and transferring digital value through digital wallets. . Our proficiency extends to using artificial intelligence and data to fortify security and enhance visibility in data assets, aiding in the management of health issues at local, state, and national levels. We've developed a modern security posture to effectively mitigate risks associated with cyber attacks from nation-states. Our wealth of experience is underpinned by collaborative work with diverse multidisciplinary teams, thriving in highly complex and rapidly changing environments.
Our Mission
Imagineeer's mission is to empower transformation through the operationalization of intuition. We establish an innovation pipeline, reimagining operations by delving into data analysis to optimize outcomes for our valued customers.
Collaborating closely with our clients, we strive to actualize the inherent genius embedded within their organizational structure. Our efforts focus on the transformation of organizations, emphasizing the development of foundational strengths in key areas, including data, personnel, hypothesis development, and the cultivation of a learning-from-failure mindset.
(if you already have a resume on Indeed)