Cloud Security Control Assessor

Steampunkwants you to be aCloudSecurity Control Assessoron our teamto support a government primary responsibilities for the position are to support allsecurity assessmentactivities that ensureriskwithinthesystemismaintainedat an acceptable level.The nature of the work requires that the candidatedemonstratesinitiative organization responsibility customer service skills and the ability to be flexible and adaptive to a fast-paced fluid business environment.The candidate must be able to communicate effectively and decisively with all levels of the organization and be able to solve practical problems as well as exercise sound judgement with regards to sensitive and confidential information.

As a member of one of ourassessmentteams you will playan importantroleinperforming a wide array ofcybersecurity duties including:

• Lead security assessmentsin accordance withNIST SP 800-53 NIST RMF (SP 800-37)FedRAMPand agency-specific guidance.

• Evaluate technical operational andmanagementcontrols across cloud on-premises and hybrid environments.

• Develop Assessment PlansandSecurity Assessment Reports (SARs).

• Coordinate with Information System Security Officers (ISSOs) System Owners and authorization officials to review evidence and mitigate control deficiencies.

• Analyze vulnerability scans configuration baselines and penetration test results todetermine controleffectiveness.

• Provide technical recommendations to remediate weaknesses and strengthen security posture.

• Maintain assessment documentation in compliance with organizational and federal standards (e.g. FISMA FedRAMP).

• Present findings and risk analysis to management and Authorization Officials (AOs).

• Support continuous monitoring processes and control validation efforts for ongoing authorization.

• Bachelors Degree and 5 years of relevant IT cybersecurity experience; OR

• No degree with a total often(10) years of cybersecurity experience includingtwo(2) years of FISMA experience.

• One of the following certifications (may be obtained within six (6) months of hire):

• Certified Information System Security Professional (CISSP)

• CompTIA Advanced Security Practitioner (CASP)

• Certified Information Systems Auditor (CISA)

• Certified Information Security Manager (CISM)

• Familiarity with one or more:DHS Directive 4300A and NIST Special Pubs0-60.

• Strong understanding of NIST SP 800-53 controls FIPS publications199 and 200 and cybersecurity compliance standards.

• Hands-on experience reviewingsecurity controlartifactsrelated to the NIST SP 800-53controls.

• Proficiencywith assessment tools (e.g. Nessus Splunk SCAP scanners).

• Direct experience providing independent evaluations for system authorization packages including in cloud environments (AWS Azure etc.).

• Analytical skills to interpret vulnerabilities compliance gaps and potential threats in diverse systems.

• Understands the difference between cloud and non-cloud security control baselines.

Preferred Qualifications:

• Experience as an Information System Security Officer (ISSO).

• Experience with Vulnerability Configuration and Asset Management tools in support of Continuous Monitoring.

• Excellent analytical written and verbal communication skills.

• Strong attention to detail in preparing federal security documentation.

• Experience with:

• POA&M management

• Performing Security Authorization

• Performing Risk Analysis and Assessment

• CSAM or similar toolGRC tool

Preferred Skills:

• Experience providing ISSO support to DHS

• Experience supporting systems hosted in Cloud environments.

• Experience supporting systems in Agile and DevOps environments

Steampunk relies on several factors to determine salary including but not limited to geographic location contractual requirements education knowledge skills competencies and experience. The projected compensation range for this position is $115000 to $165000. The estimate displayed represents a typical annual salary range for this position. Annual salary is just one aspect of Steampunks total compensation package for employees. Learn more about additional Steampunk benefits here.

Identity Statement

As part of the application process you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

Steampunk is a Change Agent in the Federal contracting industry bringing new thinking to clients in the Homeland Federal Civilian Health and DoD sectors. Through our Human-Centered delivery methodology we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee owned company we focus on investing in our employees to enable them to do the greatest work of their careers and rewarding them for outstanding contributions to our growth. If you want to learn more about our story visit .