Technical Security Control Assessor with Security Clearance
Overview Steampunk is looking for you to be the technical expert on a small and experienced team of cybersecurity assessment analysts in the conduct of independent security control assessments for a myriad of mission critical systems of our federal clientsYou'll be working with a larger team of ISSOs, cybersecurity SMEs, federal clients, and other stakeholders to conduct exploritory and deep technical dives into the security controls and implementations of multiple systems in an effort to rapidly and effectively identify shortfalls (and remediations) in the cybersecurity posture of our clients systemsOur endstate is that systems we conduct assessments on are left in a more safe and secure disposition than when we first encountered themSecurity of our clients systems is our missionIf you enjoy being handed a system and being asked identify all the security vulnerabilities of this system and help us come up with a plan to fix them, then this is your ideal next step in your career journeySteampunk is a proven, results-focused cybersecurity, leadership , and information technology services firm committed to support federal agencies that focus on protecting and defending our nation's homeland security, intelligence, and stabilityIn a rapidly changing threat landscape, we have the organizational agility, deep homeland security experience, cultural insight and multidisciplinary expertise to help our customers accomplish today's mission and anticipate tomorrow's demands, efficiently and cost-effectivelySteampunk professionals work with our federal agency customers in the administration and oversight of large government programs and initiativesAs a member of one of our DHS support teams, you will play an important role performing a wide array of security compliance and oversight tasks to successfully accredit and maintain accreditation of critical information systemsContributions You'll be asked to be a part of a small and elite team that will be conducting independent security control assessments of many IT systemsYou'll be asked to leverage your technical experience to identify security vulnerabilities and issues within the systems that may pose substansive cybersecurity risks to the organizations and clients we supportYou'll be given a license to hunt for cybersecurity threats within the documentation and technical inner workings of clients systems with a focus on making the cybersecurity posture of the system more safe each time you work on the systemQualifications Required
Qualifications:
Must have 7 years of IT experience (inclusive of 3 year of Cybersecurity experience) if you hold a BS or Master's Degree in an IT fieldOr, 10 years of IT experience (inclusive of 5 years of Cybersecurity experience) if you hold a BS in a non-IT fieldOr, 16 years of IT experience (inclusive of 7 years of Cybersecurity experience) if you do not have a degree.
o Past work experience as a software developer, IT engineer, or System Admino Strong problem-solving skillso Ability to communicate with technical and non-technical staffo May lead and direct work of others.
o Proficient with SSL certifications and encryptiono Proficient analyzing audit logs and vulnerability and compliance scans (OS, DB, and Web App)o Experience applying DISA STIGs or similar security configuration guide.
o Experience analyzing cloud securityo Possesses an active security/cybersecurity certification (such as CISSP, CISA, CAP,o U.
SCitizeno Public Trust Preferred
Qualifications:
o Familiarity with one or more of DHS Directive 4300A and NIST Special Pubs 800-30, 800-37, 800-39, 800-53, and 800-53Ao Experience as an Information System Security Officer (ISSO) or Security Control Assessor (SCA)o Experience performing Risk Analysis and Assessmento Should be able to support a minimum of four of the areas listed:
o Security Control Assessmento Security Code Analysiso Vulnerability Scan Anlysiso Product Evaluationo Document Review and Security Technical Writingo Risk Assessment and Risk Managemento 5 or more years directly supporting security of IT systems Demonstrated capabilities performing the following:
o Ensuring the automated monitoring of information system assets through Continuous Diagnostics and Mitigation (CDM) tools and sensorso Ensuring that security requirements for the assigned major application or general support system are being or shall be met;o Ensuring risk analyses are completed to determine cost-effective and essential safeguards in alignment with government and industry best practice (e.
gNIST 800-30, 37, 39);o Ensuring preparation of security plans for sensitive systems and networks;o Reporting IT security incidents (including computer viruses) in accordance with established procedures.
o Reporting security incidents not involving IT resources to the appropriate security office; and representing the security team as part of change management for assigned information systemsAbout steampunk Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectorsThrough our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challengesAs an employee owned company, we focus on investing in our employees to enable them to do the greatest work of their careers - and rewarding them for outstanding contributions to our growthIf you want to learn more about our story, visit http:
//www.
steampunk.
com We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by lawSteampunk participates in the E-Verify program.
Recommended Skills Medicare Part D Medicaid Managed Care Supplementary Security Income (Ssi) Vicarious Liability Medicare Advantage Insurance Policies Estimated Salary: $20 to $28 per hour based on qualifications.
Qualifications:
Must have 7 years of IT experience (inclusive of 3 year of Cybersecurity experience) if you hold a BS or Master's Degree in an IT fieldOr, 10 years of IT experience (inclusive of 5 years of Cybersecurity experience) if you hold a BS in a non-IT fieldOr, 16 years of IT experience (inclusive of 7 years of Cybersecurity experience) if you do not have a degree.
o Past work experience as a software developer, IT engineer, or System Admino Strong problem-solving skillso Ability to communicate with technical and non-technical staffo May lead and direct work of others.
o Proficient with SSL certifications and encryptiono Proficient analyzing audit logs and vulnerability and compliance scans (OS, DB, and Web App)o Experience applying DISA STIGs or similar security configuration guide.
o Experience analyzing cloud securityo Possesses an active security/cybersecurity certification (such as CISSP, CISA, CAP,o U.
SCitizeno Public Trust Preferred
Qualifications:
o Familiarity with one or more of DHS Directive 4300A and NIST Special Pubs 800-30, 800-37, 800-39, 800-53, and 800-53Ao Experience as an Information System Security Officer (ISSO) or Security Control Assessor (SCA)o Experience performing Risk Analysis and Assessmento Should be able to support a minimum of four of the areas listed:
o Security Control Assessmento Security Code Analysiso Vulnerability Scan Anlysiso Product Evaluationo Document Review and Security Technical Writingo Risk Assessment and Risk Managemento 5 or more years directly supporting security of IT systems Demonstrated capabilities performing the following:
o Ensuring the automated monitoring of information system assets through Continuous Diagnostics and Mitigation (CDM) tools and sensorso Ensuring that security requirements for the assigned major application or general support system are being or shall be met;o Ensuring risk analyses are completed to determine cost-effective and essential safeguards in alignment with government and industry best practice (e.
gNIST 800-30, 37, 39);o Ensuring preparation of security plans for sensitive systems and networks;o Reporting IT security incidents (including computer viruses) in accordance with established procedures.
o Reporting security incidents not involving IT resources to the appropriate security office; and representing the security team as part of change management for assigned information systemsAbout steampunk Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectorsThrough our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challengesAs an employee owned company, we focus on investing in our employees to enable them to do the greatest work of their careers - and rewarding them for outstanding contributions to our growthIf you want to learn more about our story, visit http:
//www.
steampunk.
com We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by lawSteampunk participates in the E-Verify program.
Recommended Skills Medicare Part D Medicaid Managed Care Supplementary Security Income (Ssi) Vicarious Liability Medicare Advantage Insurance Policies Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
