Cybersecurity Risk Assessor

Key Role:

Provide Cybersecurity testing and security control validation and assessment of technical and non-technical security features implemented on a system and network in support of the DoD risk management framework (RMF) assessment and authorization (A&A) process and legacy DoD information assurance certification and accreditation (DIACAP) on behalf of the authorizing official for multiple DoD programs. Validate security configurations to ensure they are implemented in accordance with DoD Cybersecurity policies, requirements, and directives, including compliance with Security Technical Implementation Guidance (STIG), Security Requirements Guides (SRGs), and checklists. Leverage automated testing tools and manual test methodologies to identify system vulnerabilities and noncompliance. Support the task lead in organizing and leading the A&A team through the accreditation process. Develop daily and weekly reports for team progress. Communicate difficult Cyber concepts to non-technical personnel.

Basic Qualifications:

-5+ years of experience in computer network design, network administration, software development, and mission analysis

-2+ years of experience with information security principles, guidelines, vulnerability analysis, risk management, and digital computer systems architecture and software

-Top Secret clearance

-HS diploma or GED

-IAT/IAM III and CISSP Certification

-Cybersecurity Assessor Professional (CAP) Certification or Risk Management Framework Security Assessor training

Additional Qualifications:

-2 years of experience as a trained risk management framework security assessor

-Experience with authoring comprehensive Risk Management Framework (RMF) packages independently. Proficiency with eMASS preferred

-Experience with performing technical security assessments, including vulnerability assessments, security control reviews, and system configuration checks to support RMF 

-Experience with planning and executing comprehensive Cybersecurity test events, including identifying applicable security controls, analyzing assessment procedures, and identifying and using required tools, including Retina, Nessus, Assured Compliance Assessment Solution (ACAS), or Security Content Automation Protocol (SCAP)

-Experience with performing manual testing methods and procedures using STIGs, SRGs, and checklists

-Ability to communicate effectively to diverse audiences both orally and in writing with excellent presentation skills

-BA or BS degree preferred


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Top Secret clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

