Job Closed

This listing is no longer active.

SkyePoint Decisions

SkyePoint Decisions is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 for Services and Development. We possess a common vision of excellence and foster a collaborative team culture built upon individual performance and accountability. We invest in our people and systems to create value for our clients. It is the SkyePoint Way. We are grateful for the opportunity to work with exceptional people and give back to the communities we serve. Our employees value the flexibility at SkyePoint that allows them to balance quality work and their personal lives. SkyePoint Decisions is a participating E-Verify Employer. U.S. Citizenship is required for most positions. Equal Opportunity Employer/Veterans/Disabled.

Senior Security Control Assessor

Security Engineer | Full Time | Remote | Senior | Team 51-200

Location

United States

Posted

62 days ago

Salary

$100K - $120K / year

Seniority

Senior

Job Description

Senior Security Control Assessor

SkyePoint Decisions

Role Description

SkyePoint Decisions is seeking a Senior Security Control Assessor to join our team supporting a government contract. This is a remote position.

- Perform security reviews to identify architectural gaps and provide recommendations for risk mitigation.
- Conduct risk analyses (e.g., threats, vulnerabilities, probability of occurrence) during significant system/application changes.
- Plan and execute security authorization reviews, assurance case development, and audits for system installations and networks.
- Provide input to the Risk Management Framework (RMF) and related documentation, including lifecycle support plans, CONOPS, and operational procedures.
- Review authorization packages and assurance documents to confirm risk levels are acceptable for systems, applications, and networks.
- Verify that system, network, and application security postures are implemented as designed, documenting deviations and recommending corrective actions.
- Assess the effectiveness of implemented security controls across management, operational, and technical areas.
- Support compliance activities by ensuring security configuration guidelines and standards are followed.
- Evaluate configuration management and release processes for security impacts.
- Define/document how new systems or interfaces affect the organization’s current security posture.
- Develop security compliance processes and perform audits of external services (e.g., CSPs, data centers).
- Ensure Plans of Action & Milestones (POA&Ms) and remediation plans are established for vulnerabilities.
- Participate in Risk Governance processes by presenting risks, mitigations, and technical assessments.
- Support acquisition and procurement efforts to ensure information security requirements are integrated.
- Produce reports, briefings, and technical documentation reflecting assessment results and recommendations.

Qualifications

- Must be able to obtain a High Risk/Public Trust Security Clearance.
- 7+ years of relevant IT/cybersecurity experience.
- Certification in one of the following: A+, Net+, or Security+.
- Degree in a technical/cyber-related field (or equivalent experience/certifications).
- Proficiency in assessing security controls against standards (e.g., NIST SP 800-53, CIS CSC, Cybersecurity Framework).
- Strong skills in vulnerability scanning, penetration testing principles, and interpreting results.
- Ability to conduct risk, impact, and compliance assessments.
- Skill in technical documentation, briefings, and audit reporting.
- Proficiency in security architecture review and system design evaluation.
- Knowledge of secure coding principles and application security (e.g., OWASP Top 10).
- Experience applying confidentiality, integrity, availability, authenticity, and non-repudiation principles to systems and networks.
- Familiarity with compliance frameworks and security assessment tools.
- Strong analytical, technical writing, and communication skills are essential.
- Knowledge of Risk Management Framework (RMF) and Security Assessment & Authorization (SA&A) processes.
- Knowledge of security architecture concepts, enterprise reference models, and assessment methodologies.
- Knowledge of network security protocols, models, and configurations (including defense-in-depth).
- Working knowledge of government compliance standards and assessment processes.
- Knowledge of cyber threats, vulnerabilities, and operational impacts of lapses.
- Knowledge of information security principles and methods (e.g., encryption, access control, PKI).
- Knowledge of applicable laws, directives, and compliance requirements (e.g., NIST SP 800-161, FISMA, FedRAMP).
- Knowledge of system and application security threats (e.g., injection flaws, cross-site scripting, buffer overflow).
- Knowledge of IT supply chain security and risk management practices.
- Knowledge of cyber defense and vulnerability assessment tools.
- Working knowledge of IRS Safeguards.
- Must be a U.S. citizen.

Preferred Qualifications

- Active Secret or Top Secret security clearance.
- CISSP or CISM.
- Ability to evaluate and synthesize risk assessment data into actionable findings.
- Ability to clearly communicate technical and risk information to technical and non-technical audiences.
- Ability to assess vulnerabilities and recommend corrective actions.
- Ability to apply judgment in ambiguous or evolving situations.
- Ability to interpret and apply relevant cybersecurity laws, regulations, and policies.
- Ability to collaborate across teams and work effectively with external service providers.
- Ability to design, conduct, and evaluate test plans, assessments, and compliance audits.
- Ability to lead complex assessments, provide strategic recommendations, and advise leadership on enterprise-wide security control effectiveness.

Compensation

- Salary Range: $100,000-$120,000.
- The SkyePoint Decisions salary range for this position is a general guideline only. It represents an estimated range for this position and is just one piece of our total compensation package.
- Salary at SkyePoint is determined by various factors, including but not limited to location, work schedule, the candidate’s combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability, market data and business considerations.

Benefits

- Certification incentive program.
- PTO.
- Floating federal holiday options.
- Several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs].
- Flex Spending Accounts [FSAs].
- Full Dental Plans.
- Vision.
- ST/LT Disability.
- Life Insurance.
- 401k matched.

More Security Engineer Jobs


Senior Security Engineer

Wrike

Do the best work of your life.

Full Time | Remote | Team 1,001-5,000 | Since 2006 | H1B Sponsor

• Own Infrastructure Security: Design, implement, and improve security controls - including hardening, network segmentation, IAM, and endpoint security - across our entire fleet.
• Lead the technical direction for cyber security defense, covering enterprise posture management, threat detection, and vulnerability management.
• Partner with ITOps, SysOps, DevOps and XOps to embed security into the core of our architecture and change management processes.
• Develop and maintain our SIEM strategy and the surrounding infrastructure to ensure proactive visibility.
• Educate and coach engineering teams on secure system design, providing guidance that elevates the security IQ of the entire organization.

Czechia

Senior Security Engineer

Wrike

Do the best work of your life.

Full Time | Remote | Team 1,001-5,000 | Since 2006 | H1B Sponsor

• Own Infrastructure Security: Design, implement, and improve security controls - including hardening, network segmentation, IAM, and endpoint security - across our entire fleet.
• Strategic Defense: Lead the technical direction for cyber security defense, covering enterprise posture management, threat detection, and vulnerability management.
• Collaborative Architecture: Partner with ITOps, SysOps, DevOps and XOps to embed security into the core of our architecture and change management processes.
• SIEM Evolution: Develop and maintain our SIEM strategy and the surrounding infrastructure to ensure proactive visibility.
• Mentorship: Educate and coach engineering teams on secure system design, providing guidance that elevates the security IQ of the entire organization.

Cyprus

Senior Security Engineer

Wrike

Do the best work of your life.

Full Time | Remote | Team 1,001-5,000 | Since 2006 | H1B Sponsor

• Own Infrastructure Security: Design, implement, and improve security controls - including hardening, network segmentation, IAM, and endpoint security - across our entire fleet.
• Strategic Defense: Lead the technical direction for cyber security defense, covering enterprise posture management, threat detection, and vulnerability management.
• Collaborative Architecture: Partner with ITOps, SysOps, DevOps and XOps to embed security into the core of our architecture and change management processes.
• SIEM Evolution: Develop and maintain our SIEM strategy and the surrounding infrastructure to ensure proactive visibility.
• Mentorship: Educate and coach engineering teams on secure system design, providing guidance that elevates the security IQ of the entire organization.

Estonia

Security Control Assessor

SkyePoint Decisions

Full Time | Remote | Team 51-200

Role Description

SkyePoint Decisions is seeking a Security Control Assessor to join our team supporting a government contract. This is a remote position.

- Provide overall SA/OSA subject matter expertise to the Information System Security and Authorization (SA) program.
- Provide specific guidance and technical expertise in the form of standards, policies, procedures, and oversight for the program.
- Review and provide guidance on OSA program and continuous monitoring capabilities, PIA, SSPs, and identity updates to enhance the quality of these assessments.
- Review and provide advice based on analysis for Privacy Impact Assessments (PIA).
- Review and provide advice based on analysis for Third Party Website and Applications (TPWA).
- Review and analyze all system artifacts for accuracy and completeness in support of authorization to operate (ATO) requests.
- Review ATO packages under the RMF for customer systems and the systems of the external partners, and create or update ATO packages as necessary before submission for approval.
- Create or review ATO packages prior to submission for CISO and CIO approval.
- Ensure all assessment and audit reports are uploaded properly to the FISMA management tool, Cyber Security Assessment and Management (CSAM).
- Coordinate and assist with data calls and data collection efforts for compiled and managed responses from stakeholders for audit and compliance reporting.
- Conduct audits of closed Plan of Actions and Milestones (POA&M) for completeness and compliance.
- Support the ongoing security authorization (OA) process that includes continuous monitoring.
- Provide document development support for CISO-sponsored events and responses to questions and concerns.
- Draft document review and feedback on application of security and privacy requirements (e.g., technical review boards, review of SSPs, RAs, contingency plan, POA&M reports).
- Track the renewal dates for the security authorizations and ongoing security authorizations to ensure the ATO renewal efforts by working with respective stakeholders, SOs, and ISSOs.
- Conduct lessons learned sessions and develop best practices.

Qualifications

- Must be able to obtain a High Risk/Public Trust Security Clearance.
- Bachelor’s or equivalent and five to ten (5-10) years related experience.
- At least three years of experience in a computer security incident response role.
- At least three years of enterprise Linux and Windows administration.
- Experience working in a Security Operations Center.
- Experience with Active Directory and other enterprise credential stores.
- Passion for information security and incident response.
- Experience with cyber threat intelligence.
- Excellent communications and interpersonal skills.
- Critical thinking and problem-solving skills.
- Ability to quickly learn new technologies and respond to changing requirements and environment.
- Ability to work independently and in a cross-functional team.
- Ability to identify both tactical and strategic solutions to complex issues.
- Advanced malware analysis experience, such as reverse engineering and disassembly design.
- Must be a U.S. citizen.

Requirements

- Active Secret or Top Secret security clearance (preferred).

Benefits

- Salary Range: $100,000-$120,000.
- Certification incentive program.
- PTO and floating federal holiday options.
- Several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs].
- Flex Spending Accounts [FSAs].
- Full Dental Plans and Vision.
- Short-Term/Long-Term Disability and Life Insurance.
- 401k matched.

United States
$100K - $120K / year