Enlightened is currently seeking a Security Control Assessor (SCA) Lead to provide onsite and offsite support primarily in Reston, VA or Washington, DC.
Duties will include:
- Co-Lead a team of security control assessors, review their work, and provide feedback on performance/deliverables.
- Lead and conduct security testing and security control assessments on federal applications and general support systems to ensure compliance with the NIST SP 800-53 Rev. 4, NIST 800-37 Rev.1, and agency-specific requirements.
- Technically assess both major application and general support system security configurations and implementation.
- Interface with federal employees and contractors to perform the security assessment activities. Responsible for assisting in the presentation of the vulnerability findings to the client.
- Analyze results from vulnerability scanning tools such as Nessus, HP WebInspect, QualysGuard, AppDetective, and Burp Suite.
- Interface with the clients related to the overall security control assessment program and all security control assessment activities which the candidate is responsible for leading.
- Develop Project Schedules, Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plan of Action and Milestone (POA&M) Reports, and Executive-Level briefings.
Qualifications (minimum requirements, per the contract):
- Must be able to obtain and maintain a Public Trust clearance.
- At least 7 years of directly-related experience in Information Technology and/or Cybersecurity.
- Advanced understanding of NIST Special Publications (e.g., 800-53, 800-37) and NIST Risk Management Framework (RMF).
- 4+ years leading security control assessments based on NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev.1.
- 3+ years conducting security control assessments based on NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev.1.
- Experience serving in a lead role, managing tasks, schedules, resource allocation, and communication with key stakeholders, etc.
- Well-versed in a wide variety of security technologies (e.g., network firewalls, WAFs, VPNs) and the current state of Information Security, and able to interpret the requirements of relevant governing bodies (NIST, OMB, GAO, etc.).
- Experience conducting analysis of vulnerability scan results.
- Understanding of Unix/Linux (Solaris/Red Hat) and MS Windows Operating Systems.
- Advanced knowledge of general purpose vulnerability scanners (e.g., QualysGuard, Nessus).
- Experience implementing and auditing against security configuration checklists (e.g., DISA STIGs, CIS Benchmarks).
- Advanced proficiency with Microsoft Word, Excel, and PowerPoint.
- Ability to communicate effectively; strong documentation and communication (written and verbal) skills.
- Must hold an active Security Certification, such as Security+ CE, CAP, CASP, CISA, CISM, CISSP, GCED, or GCIH.
- Ability and willingness to travel approximately 10-15% of the time within the Continental US.
- Knowledge and understanding of Cloud Security and FedRAMP.
- Self-motivated and able to work in an independent manner.
Desired Requirements (nice to have but not required):
- Bachelor's degree (Information Technology or Cybersecurity related field preferred, however not required).
- 7+ years of professional experience in Cybersecurity.
- Experience leading and conducting FedRAMP assessments.
- Experience configuring and conducting technical assessments using tools such as Nessus, HP WebInspect, AppDetective, Burp Suite, and QualysGuard.
- Understanding of/experience implementing DHS Continuous Diagnostics and Mitigation (CDM) program and requirements.
- Cloud security certification (e.g. CCSK, AWS).
- Experience working in CSAM.
Job Types: Full-time, Contract
Salary: $0.00 to $145,100.00 /year
- Health insurance
- Dental insurance
- Vision insurance
- Retirement plan
- Paid time off
- Flexible schedule
- Parental leave
- Professional development assistance
- Tuition reimbursement