Senior Security Control Assessor (SCA)
Job title: Senior Security Control Assessor (SCA) in Washington DC at Coalfire Federal
Company: Coalfire Federal
Job description: About Coalfire:Coalfire Federal is a market leading cybersecurity consultancy firm that provides independent and tailored advice, assessments, technical testing and a full suite of cyber engineering services to Federal agency customers. Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with leading cloud and technology providers including Amazon, Microsoft, IBM, Google and Oracle and Federal agencies. Coalfire has been a cybersecurity thought leader for over 20 years and has offices throughout the United States and Europe and is committed to making the world a safer place by solving our clientsâ toughest security challenges.But thatâs not who we are â thatâs just what we do.We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.Weâre currently seeking Senior Security Control Assessors (SCA) to support our team.Position SummaryAs a Senior Security Control Assessor, you'll be communicating methods, principles, and concepts that support the client's network infrastructure. You'll manage successful assessment engagements, and brief stakeholders and senior leadership on identified risks.LocationOur clientele is largely in the government space, primarily within the Washington, D.C. / Maryland / Northern Virginia (DMV) areas. While we do offer opportunities that are remote, hybrid, or on-site - this position location and travel may vary based on client needs, therefore local candidates with the availability to go on site on a hybrid basis are highly preferred. What you'll do:
Perform security reviews, identify gaps in security architecture, and develop a Security Assessment Plan and Security Assessment Report. Utilize the examine, interview, and test methodology to determine if control implementation meets Federal and Agency requirements.
Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Provide weekly updates on assessment status.
Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
Experience with HVA and RVA
Assess the effectiveness of security controls.
Assess all the configuration management (change configuration/release management) processes.
What you'll bring:
Computer networking concepts and protocols, and network security methodologies.
Risk management processes (e.g., methods for assessing and mitigating risk).
Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Cybersecurity and privacy principles.
Cyber threats and vulnerabilities, including application vulnerabilities.
Specific operational impacts of cybersecurity lapses.
Authentication, authorization, and access control methods.
Applicable business processes and operations of customer organizations.
Capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware.
Cyber defense and vulnerability assessment tools and their capabilities.
Server administration and client operating systems engineering theories, concepts, and methods.
System software and organizational design standards, policies, and authorized approaches (e.g., international organization for standardization [iso] guidelines) relating to system design.
System life cycle management principles, including software security and usability.
EducationCompleted Bachelorâs degree from an accredited university, preferably in an IT related field.Clearance / SuitabilityAbility to obtain a clearance or a Public Trust is preferred, however all clearance levels and non-cleared applicants will also be considered.Certifications
One or more of the following: CISSP, CISM, Security+Years of ExperienceOverall 7 - 10 years of information security experience relative to the position qualifications.Bonus Points:
Knowledge of GRC tools e.g., Xacta
Knowledge of the NIST Cybersecurity Framework
Cloud and or engineering related certifications
Why you'll want to join us:Our people make Coalfire Federal great. We work together on interesting things and achieve exceptional results. We act as trusted advisors to our customers and are committed to client-focused innovation as well as innovation in the industries that we serve.Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. Regardless of location, youâll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. Youâll have opportunities to join employee resource groups, participate in in-person and virtual events, and more.And youâll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.Coalfire is an EEO employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Expected salary:
Location: Washington DC
Apply for the job now!
Apply Now
Company: Coalfire Federal
Job description: About Coalfire:Coalfire Federal is a market leading cybersecurity consultancy firm that provides independent and tailored advice, assessments, technical testing and a full suite of cyber engineering services to Federal agency customers. Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with leading cloud and technology providers including Amazon, Microsoft, IBM, Google and Oracle and Federal agencies. Coalfire has been a cybersecurity thought leader for over 20 years and has offices throughout the United States and Europe and is committed to making the world a safer place by solving our clientsâ toughest security challenges.But thatâs not who we are â thatâs just what we do.We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.Weâre currently seeking Senior Security Control Assessors (SCA) to support our team.Position SummaryAs a Senior Security Control Assessor, you'll be communicating methods, principles, and concepts that support the client's network infrastructure. You'll manage successful assessment engagements, and brief stakeholders and senior leadership on identified risks.LocationOur clientele is largely in the government space, primarily within the Washington, D.C. / Maryland / Northern Virginia (DMV) areas. While we do offer opportunities that are remote, hybrid, or on-site - this position location and travel may vary based on client needs, therefore local candidates with the availability to go on site on a hybrid basis are highly preferred. What you'll do:
Perform security reviews, identify gaps in security architecture, and develop a Security Assessment Plan and Security Assessment Report. Utilize the examine, interview, and test methodology to determine if control implementation meets Federal and Agency requirements.
Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Provide weekly updates on assessment status.
Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
Experience with HVA and RVA
Assess the effectiveness of security controls.
Assess all the configuration management (change configuration/release management) processes.
What you'll bring:
Computer networking concepts and protocols, and network security methodologies.
Risk management processes (e.g., methods for assessing and mitigating risk).
Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Cybersecurity and privacy principles.
Cyber threats and vulnerabilities, including application vulnerabilities.
Specific operational impacts of cybersecurity lapses.
Authentication, authorization, and access control methods.
Applicable business processes and operations of customer organizations.
Capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware.
Cyber defense and vulnerability assessment tools and their capabilities.
Server administration and client operating systems engineering theories, concepts, and methods.
System software and organizational design standards, policies, and authorized approaches (e.g., international organization for standardization [iso] guidelines) relating to system design.
System life cycle management principles, including software security and usability.
EducationCompleted Bachelorâs degree from an accredited university, preferably in an IT related field.Clearance / SuitabilityAbility to obtain a clearance or a Public Trust is preferred, however all clearance levels and non-cleared applicants will also be considered.Certifications
One or more of the following: CISSP, CISM, Security+Years of ExperienceOverall 7 - 10 years of information security experience relative to the position qualifications.Bonus Points:
Knowledge of GRC tools e.g., Xacta
Knowledge of the NIST Cybersecurity Framework
Cloud and or engineering related certifications
Why you'll want to join us:Our people make Coalfire Federal great. We work together on interesting things and achieve exceptional results. We act as trusted advisors to our customers and are committed to client-focused innovation as well as innovation in the industries that we serve.Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. Regardless of location, youâll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. Youâll have opportunities to join employee resource groups, participate in in-person and virtual events, and more.And youâll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.Coalfire is an EEO employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Expected salary:
Location: Washington DC
Apply for the job now!
Apply Now