Summary Security Assessor Remote Are you ready to enhance your skills and build your career in a rapidly evolving business climate? Are you looking for a career where professional development is embedded in your employer’s core culture? If so, Chenega Military, Intelligence & Operations Support (MIOS) could be the place for you! Join our team of professionals who support large-scale government operations by leveraging cutting-edge technology and take your career to the next level!  We deliver essential technology services to our customers in support of their missions to sustain the national security and economic interests of our nation. SecuriGence is seeking a Security Assessor to support the Health and Human Services Administration for the Community Living Enterprise IT Services Program. The Security Assessor will play a critical role in ensuring the security and compliance of the HHS ACL EITS program's information systems. The individual will be responsible for assessing security controls, conducting security audits, and developing secure architectures that align with federal regulations and guidelines, such as FISMA, NIST 800-53, and FedRAMP. The Security Assessor/Security Architect will collaborate with key stakeholders, including the Information System Security Officer (ISSO), Cloud Infrastructure Architect, and other program teams, to ensure a secure and resilient environment. Responsibilities - Conduct comprehensive security control assessments of the HHS ACL EITS systems to ensure compliance with FISMA, NIST 800-53, FedRAMP, and other federal regulations. - Prepare and present security assessment reports to senior management and government stakeholders. - Develop and maintain secure architecture designs that comply with federal security standards, ensuring the system's confidentiality, integrity, and availability. - Collaborate with the Cloud Infrastructure Architect and Application Developers to integrate security controls into system design and implementation. - Implement security by design principles and ensure all software, systems, and infrastructure meet stringent security requirements. - Conduct risk assessments to identify and prioritize risks associated with information systems. - Develop and implement risk mitigation strategies, ensuring that all identified risks are managed appropriately and in alignment with government standards. - Ensure that security documentation, such as System Security Plans (SSPs) and Risk Management Framework (RMF) artifacts, are up-to-date and accurately reflect the system's security posture. - Perform regular vulnerability assessments and penetration testing to identify and remediate security weaknesses in the system. - Assist in the preparation and execution of Authorization and Accreditation (A&A) packages, ensuring compliance with NIST RMF and supporting the program's ongoing operations. - Work closely with the Authorizing Official (AO) to ensure timely authorization of systems and assist in maintaining an accurate and updated authorization status. - Assist in the incident response process, investigating and reporting security breaches, unauthorized access, and other security incidents. - Lead forensic investigations to determine root causes of incidents and provide recommendations for remediation. - Prepare post-incident reports detailing the findings and actions taken to prevent future occurrences. - Develop and deliver security awareness training for staff and stakeholders, ensuring everyone understands their role in maintaining the program's security. - Foster a security-first mindset across the program to ensure all team members contribute to the protection of information assets. - Other duties as assigned. Qualifications - Bachelor's degree in Cybersecurity, Information Technology, or additional experience in Lieu of a degree. - 5+ years of experience in security architecture, security assessment, or a related cybersecurity role within a federal or government environment. - Certification in the following is preferred: - Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or Certified Cloud Security Professional (CCSP) certification - Certified Information Systems Security Professional (CISSP), or equivalent experience and knowledge commensurate with certification requirements - Background check with the ability to pass a Public Trust Background Investigation Knowledge, Skills, and Abilities: - Extensive experience with NIST RMF, FISMA, FedRAMP, and other federal security frameworks. - Familiarity with cloud security architectures, particularly in Microsoft Azure and/or AWS environments. - Strong understanding of vulnerability management, penetration testing, and forensic investigation tools. - Experience with SIEM tools, security monitoring, and incident response frameworks. How you’ll grow  At Chenega MIOS, our professional development plan focuses on helping our team members at every level of their careers to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn.    We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their careers.    Benefits  At Chenega MIOS, we know that great people make a great organization. We value our team members and offer them a broad range of benefits.  Learn more about what working at Chenega MIOS can mean for you.    Chenega MIOS’s culture  Our positive and supportive culture encourages our team members to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them be healthy, centered, confident, and aware. We offer well-being programs and continuously look for new ways to maintain a culture where we excel and lead healthy, happy lives.    Corporate citizenship  Chenega MIOS is led by a purpose to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our team members, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.  Learn more about Chenega’s impact on the world.  Chenega MIOS News- https://chenegamios.com/news/    Tips from your Talent Acquisition Team  We want job seekers exploring opportunities at Chenega MIOS to feel prepared and confident. To help you with your research, we suggest you review the following links:  Chenega MIOS web site - www.chenegamios.com  Glassdoor - https://www.glassdoor.com/Overview/Working-at-Chenega-MIOS-EI_IE369514.11,23.htm  LinkedIn - https://www.linkedin.com/company/1472684/  Facebook - https://www.facebook.com/chenegamios/ Teleworking Permitted? Yes Teleworking Details 100% Remote Estimated Salary/Wage USD $103,400.00/Yr. Up to USD $140,000.00/Yr.

Role Description SkyePoint Decisions is seeking a Senior Security Control Assessor to join our team supporting a government contract. This is a remote position. - Perform security reviews to identify architectural gaps and provide recommendations for risk mitigation. - Conduct risk analyses (e.g., threats, vulnerabilities, probability of occurrence) during significant system/application changes. - Plan and execute security authorization reviews, assurance case development, and audits for system installations and networks. - Provide input to the Risk Management Framework (RMF) and related documentation, including lifecycle support plans, CONOPS, and operational procedures. - Review authorization packages and assurance documents to confirm risk levels are acceptable for systems, applications, and networks. - Verify that system, network, and application security postures are implemented as designed, documenting deviations and recommending corrective actions. - Assess the effectiveness of implemented security controls across management, operational, and technical areas. - Support compliance activities by ensuring security configuration guidelines and standards are followed. - Evaluate configuration management and release processes for security impacts. - Define/document how new systems or interfaces affect the organization’s current security posture. - Develop security compliance processes and perform audits of external services (e.g., CSPs, data centers). - Ensure Plans of Action & Milestones (POA&Ms) and remediation plans are established for vulnerabilities. - Participate in Risk Governance processes by presenting risks, mitigations, and technical assessments. - Support acquisition and procurement efforts to ensure information security requirements are integrated. - Produce reports, briefings, and technical documentation reflecting assessment results and recommendations. Qualifications - Must be able to obtain a High Risk/Public Trust Security Clearance. - 7+ years of relevant IT/cybersecurity experience. - Certification in one of the following: A+, Net+, or Security+. - Degree in a technical/cyber-related field (or equivalent experience/certifications). - Proficiency in assessing security controls against standards (e.g., NIST SP 800-53, CIS CSC, Cybersecurity Framework). - Strong skills in vulnerability scanning, penetration testing principles, and interpreting results. - Ability to conduct risk, impact, and compliance assessments. - Skill in technical documentation, briefings, and audit reporting. - Proficiency in security architecture review and system design evaluation. - Knowledge of secure coding principles and application security (e.g., OWASP Top 10). - Experience applying confidentiality, integrity, availability, authenticity, and non-repudiation principles to systems and networks. - Familiarity with compliance frameworks and security assessment tools. - Strong analytical, technical writing, and communication skills are essential. - Knowledge of Risk Management Framework (RMF) and Security Assessment & Authorization (SA&A) processes. - Knowledge of security architecture concepts, enterprise reference models, and assessment methodologies. - Knowledge of network security protocols, models, and configurations (including defense-in-depth). - Working knowledge of government compliance standards and assessment processes. - Knowledge of cyber threats, vulnerabilities, and operational impacts of lapses. - Knowledge of information security principles and methods (e.g., encryption, access control, PKI). - Knowledge of applicable laws, directives, and compliance requirements (e.g., NIST SP 800-161, FISMA, FedRAMP). - Knowledge of system and application security threats (e.g., injection flaws, cross-site scripting, buffer overflow). - Knowledge of IT supply chain security and risk management practices. - Knowledge of cyber defense and vulnerability assessment tools. - Working knowledge of IRS Safeguards. - Must be a U.S. citizen. Preferred Qualifications - Active Secret or Top Secret security clearance. - CISSP or CISM. - Ability to evaluate and synthesize risk assessment data into actionable findings. - Ability to clearly communicate technical and risk information to technical and non-technical audiences. - Ability to assess vulnerabilities and recommend corrective actions. - Ability to apply judgment in ambiguous or evolving situations. - Ability to interpret and apply relevant cybersecurity laws, regulations, and policies. - Ability to collaborate across teams and work effectively with external service providers. - Ability to design, conduct, and evaluate test plans, assessments, and compliance audits. - Ability to lead complex assessments, provide strategic recommendations, and advise leadership on enterprise-wide security control effectiveness. Compensation - Salary Range: $100,000-$120,000. - The SkyePoint Decisions salary range for this position is a general guideline only. It represents an estimated range for this position and is just one piece of our total compensation package. - Salary at SkyePoint is determined by various factors, including but not limited to location, work schedule, the candidate’s combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability, market data and business considerations. Benefits - Certification incentive program. - PTO. - Floating federal holiday options. - Several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs]. - Flex Spending Accounts [FSAs]. - Full Dental Plans. - Vision. - ST/LT Disability. - Life Insurance. - 401k matched.

• Own Infrastructure Security: Design, implement, and improve security controls- including hardening, network segmentation, IAM, and endpoint security - across our entire fleet. • Lead the technical direction for cyber security defense, covering enterprise posture management, threat detection, and vulnerability management. • Partner with ITOps, SysOps, DevOps and XOps to embed security into the core of our architecture and change management processes. • Develop and maintain our SIEM strategy and the surrounding infrastructure to ensure proactive visibility. • Educate and coach engineering teams on secure system design, providing guidance that elevates the security IQ of the entire organization.

• Own Infrastructure Security: Design, implement, and improve security controls- including hardening, network segmentation, IAM, and endpoint security - across our entire fleet. • Strategic Defense: Lead the technical direction for cyber security defense, covering enterprise posture management, threat detection, and vulnerability management. • Collaborative Architecture: Partner with ITOps, SysOps, DevOps and XOps to embed security into the core of our architecture and change management processes. • SIEM Evolution: Develop and maintain our SIEM strategy and the surrounding infrastructure to ensure proactive visibility. • Mentorship: Educate and coach engineering teams on secure system design, providing guidance that elevates the security IQ of the entire organization.