Benefits:
Competitive salary
About this Role:
We are looking for an SME Security Control Assessor who supports security control assessment activities for HHS-ACF information systems by applying NIST security controls and frameworks to evaluate control implementation and effectiveness. This role is responsible for gathering, organizing, and documenting assessment evidence; conducting security testing and evaluations; and assisting with vulnerability scanning and analysis. The assessor leads security control interviews, supports continuous monitoring activities, and contributes to the development of assessment reports, briefings, and formal deliverables. Additionally, the role maintains assessment documentation and tracking artifacts, reviews security documentation, and assists in the development of Plans of Action and Milestones (POA&Ms). The SME Security Control Assessor I actively participates in team meetings and technical discussions to support compliance, risk management, and overall system security posture.
Key Responsibilities:
Support security control assessment activities
Gather and organize assessment evidence
Document security control implementation
Conduct security testing and evaluations
Assist with vulnerability scans and analysis
Create assessment reports and briefings
Maintain assessment documentation and tracking sheets
Lead security control interviews
Prepare assessment deliverables
Apply NIST security controls and frameworks
Support continuous monitoring activities
Assist with security documentation review
Contribute to Plans of Action and Milestones (POA&Ms) development
Participate in team meetings and technical discussions
Qualifications and Skills:
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
2+ years of experience in security control assessments
Basic understanding of cybersecurity principles and concepts
Knowledge of NIST frameworks and security controls
Familiarity with common security tools and technologies
Strong attention to detail
Excellent organizational skills
Basic technical writing abilities
Proficiency in Microsoft Office suite
Strong analytical and problem-solving skills
Ability to follow detailed instructions and procedures
Good communication skills
Eagerness to learn and develop professional skills
Basic understanding of networking concepts
Ability to work effectively in a team environment
Commitment to maintaining confidentiality and security protocols
Familiarity with Risk Management Framework (RMF)
Desired Skills and Competencies:
Security+ certification or in progress
Basic understanding of FISMA requirements
Experience with vulnerability scanning tools
Knowledge of basic scripting or programming
Familiarity with cloud computing concepts
Understanding of basic system administration
Experience with documentation management systems
Knowledge of compliance frameworks
Basic understanding of security assessment methodologies
Familiarity with cybersecurity best practices
Experience with technical documentation
Interest in federal government cybersecurity
Basic understanding of privacy principles
Additional Information:
Employment for this position is contingent upon the candidate being a United States citizen and having the ability to successfully obtain and maintain a Public Trust clearance, in accordance with applicable federal regulations. All hiring decisions will be made in compliance with applicable federal, state, and local laws and regulations.
Equal Opportunity Employer:
We are an Equal Opportunity Employer and do not discriminate in employment decisions on the basis of race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, genetic information, veteran status, or any other status protected by applicable federal, state, or local laws. All employment decisions are based on business needs, job requirements, and individual qualifications.
Flexible work from home options available.