Cybersecurity Assessor – CMMC

Work from home Full-time role Hiring

Job Description:

Conduct security control assessments for commercial and government customers to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within a system boundary.
Develop, document and review System Rules of Engagement (ROE), Security Assessment Plans (SAPs) and Security Assessment Reports (SARs).
Conduct kick-off meetings, develop associated schedules and resource plans to complete the assessments.
Responsible for quality control on the assessment and associated deliverables.
Develop practical and risk-based approaches for security control implementation and vulnerability remediation.
Review and provide feedback system boundaries, common controls, the security categorization of information systems, applicable security control baseline based on system categorization.
Review cyber/system/network security body of evidence and documentation for accuracy and completeness.
Lead Post Assessment Meetings with the customer.
Provide Plan of Action and Milestones (POA&M) support to ensure mitigations are completed or the teams are working to mitigate all vulnerabilities in a timely fashion and within customer policy timelines.
Perform continuous monitoring to ensure implemented security controls remain functional throughout the lifecycle of the information system.
Perform other duties as assigned.

Requirements:

Must be a US Citizen
Must be able to obtain and maintain favorable suitability determination by the CyberAB
BS/BA degree in Information Technology or related Cybersecurity field
5+ years of auditing and/or assessment experience
Thorough knowledge of cloud environments (services/security)
Strong background working with NIST 800-171 and/or NIST 800-53
Must have an active CCP certification listed in the CMMC Marketplace
Must have at least the following industry certifications for CCP CompTIA Security + (Sec+)
Must have at least one of the following industry certifications for CCA: Certified Information System Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP+ CE), Security X, CompTIA Cybersecurity Analyst (CySA+), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), Mile Two Certified or Certified Information Systems Security Officer (C|CISSO)

Benefits:

More open positions