Visit our website Register with us

logo

View all jobs

Security Control Assessor (SCA)

Washington, DC · Information Technology
ASSYST is seeking a Security Control Assessor (SCA) to support our government customer Project based in Washington, DC.

This position is contingent upon contract award

Hybrid - Rockville, MD / Washington D.C

Responsibilities:
  • Configure, interpret, and identify vulnerabilities or false positives in web application, server, and database scans.
  • Plan and perform security control assessments for ESS customer systems in accordance with NIST SP 800-53 and SP 800-53A, using ESS LoB processes and guidance to support authority to operate (ATO) or annual assessment processes. Activities may include interviews, documentation reviews, physical security walkthroughs, and technical vulnerability testing.
  • Perform assessments of PCIF facilities and/or OpDivs in accordance with NIST 800-79 requirements for authorization of Personal Identity Verification (PIV) Card Issuers and Derived PIV Credential Issuers (DPCI).
  • Assist with identification and recommendation of PCIF Corrective Action Plans (CAPs).
  • Identify organizational security weaknesses in personnel controls, training, incident and emergency response, logical and physical security, operational security, and integrity of software applications and data.
  • Develop and deliver reports and presentations communicating findings of security control assessments.
  • Conduct vulnerability assessments on networks, servers, websites, and databases to support assessment activities.
  • Assess, review, update, and develop documentation to support ESS LoB in security controls assessment activities.
  • Provide input for weekly customer status reports and project plans.
  • Maintain tools, laptops, and testing materials.
  • Conduct on-site assessments of PCIF facilities across the continental U.S.
  • Demonstrate prior experience performing assessments validating and justifying compliance or non-compliance in accordance with NIST guidance, FISMA, and FISCAM.

Required Skills:
  • 5–8 years of IT security experience performing and configuring information security scans and evaluating system security controls.
  • Certifications such as CISSP or equivalent credentials for penetration testing and vulnerability assessment.
  • In-depth knowledge of IT security laws, directives, and policies relevant to Federal government agencies.
  • Understanding of security requirements across secured and non-secured environments.
  • Familiarity with IT security products (hardware, software, services), technologies, protocols, and best practices.
  • Experience performing technical evaluations and validating compliance/non-compliance with NIST, FISMA, and FISCAM for Federal agencies.
  • Knowledge of standard security policies and procedures, including ensuring testing machines and equipment remain physically secure and accessible only to authorized personnel.
  • Excellent written and oral communication skills.
  • Hands-on experience with vulnerability scanning and testing using tools for web application testing, server scanning, and manual system configuration validation.

Applications (may include but not limited to):
  • Nmap
  • Netcat
  • Nipper Studio
  • Microsoft Baseline Security Analyzer
  • Tenable Nessus
  • Security Center
  • Wireshark
  • Core Impact
  • IBM Appscan Standard
  • Burp Suite Professional
  • Application Security AppDetective Pro
  • WebInspect
ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law
 

Share This Job

Powered by