Avint logo
Avint

Your Vision Achieved

Security Controls Assessor – Journeyman

Security EngineerSecurity EngineerFull TimeRemoteSeniorTeam 11-50H1B No SponsorCompany SiteLinkedIn

Location

United States

Posted

18 hours ago

Salary

$104K - $119K / year

Seniority

Senior

Bachelor Degree6 yrs expEnglishCyber Security

Job Description

Security Controls Assessor – Journeyman

Avint

• Conduct security control assessments of information systems using interview, examination, and testing methods • Verify compliance with established frameworks such as NIST SP 800-37, NIST SP 800-53, NIST SP 800-171, FISMA, and/or FedRAMP, depending on organizational requirements • Analyze system architectures, network diagrams, configuration settings, and policies to identify vulnerabilities and compliance gaps • Review vulnerability scanning results (e.g., Nessus, Qualys) and penetration testing reports to validate the implementation of technical controls • Document detailed testing results and draft sections of the Security Assessment Report (SAR), ensuring clear explanations of non-compliant findings • Present assessment findings and risk postures to Authorizing Officials (AO), system owners, and other stakeholders in clear, actionable terms • Assist system owners in the development of realistic Plans of Action and Milestones (POA&M) to remediate identified deficiencies • Collaborate with the Risk Management team to ensure assessment data accurately informs the organization’s continuous monitoring strategy • Stay current on emerging cyber threats, vulnerabilities, regulatory changes, and assessment techniques • Identify opportunities to automate assessment processes and integrate modern tooling into the assessment lifecycle • Participate in the development and refinement of enterprise information security policies, standards, and guidelines

Job Requirements

  • Bachelor’s degree (BS/BA) OR equivalent professional experience
  • Security+ or higher
  • Minimum of 6-8 years of dedicated experience in cybersecurity, information assurance, or IT auditing
  • At least six (6) years of dedicated experience performing hands-on security controls assessments of systems of moderate complexity (C2 & C3) with capability of supporting C4 assessments
  • Must be a U.S. citizen (no dual citizenship)
  • Ability to pass a background investigation
  • Able to obtain and maintain DHS Suitability/Entry on Duty (EOD)
  • Strong attention to detail and organized documentation habits
  • Good analytical and troubleshooting abilities
  • Professional verbal and written communication skills, with an ability to collaborate effectively across technical boundaries.

Benefits

  • competitive salaries
  • full health insurance
  • generous time off
  • observation of federal holidays
  • reimbursement for courses, exams, and tuition
  • investment in employee professional development

Related Categories

Related Job Pages

More Security Engineer Jobs

Full TimeRemoteTeam 11-50H1B No Sponsor

• We are seeking a highly skilled and experienced Information Systems Security Officer (ISSO) Subject Matter Expert (SME) to join our team. • In this critical role, you will be ultimately responsible for the day-to-day cyber operations of assigned systems, ensuring strict adherence to the Risk Management Framework (RMF) and industry standards. • As a trusted advisor, you will collaborate closely with executive leadership—including the Authorizing Official (AO), System Owners, and the Chief Information Security Officer (CISO)—to mitigate risk and defend vital digital infrastructure.

United States
$132K - $150K / year
VivSoft logo

Cybersecurity Engineer

VivSoft

Solving complex Public Sector Use cases using emerging technologies - SBIR Phase III Awardee

Security Engineer18 hours ago
Full TimeRemoteTeam 51-200Since 2011H1B Sponsor

• Manage overall platform security to meet/exceed stakeholder cybersecurity expectations • Design and implement security architectures, controls, and technologies for government systems • Lead vulnerability assessment, penetration testing support, and security engineering reviews • Develop and maintain security documentation (SSPs, POA&Ms, etc.) for ATO packages • Support Risk Management Framework (RMF) implementation and continuous monitoring programs • Implement Zero Trust, identity management, and endpoint security solutions • Respond to security incidents, conduct forensic analysis, and coordinate remediation • Provide security guidance to development and infrastructure teams

United States
Full TimeRemoteTeam 10,001+Since 2013H1B Sponsor

• executing the design, building, testing, and implementation of security systems across our environment • working closely with other members of the Information Security team to identify potential threats and vulnerabilities and develop strategies and solutions to mitigate these risks • securing the end-user device estate and the mobile platforms through which the enterprise increasingly operates • contributing to our overall information security strategy • define and evaluate security architecture for the end-user device estate • advise on mobility security • perform Security Architecture Reviews • deliver Security Architecture Consulting engagements with business partners • provide Risk Evidence Review on request • plan, design, build, and implement enterprise security architecture • evaluate security technologies and controls across the environment • identify and communicate current and emerging security threats and risks • help develop solutions that balance information security needs with the needs of the business • be fluent with AI concepts and incorporate AI into your daily workflows • create reusable security-architecture artifacts • support training and mentorship of more junior employees

United States
$124.5K - $236.5K / year
Authentic8 logo

Red Team Engineer – Offensive Security Lead

Authentic8

The Silo Web Isolation Platform from Authentic8 enables anyone, anywhere, on any device to utilize the web without risk.

Security Engineer19 hours ago
Full TimeRemoteTeam 51-200H1B Sponsor

• Design, build, and operate an AI-augmented red teaming harness using frontier LLM APIs. • Implement a control loop architecture (Plan | Act | Observe | Adjust) for autonomous and semi-autonomous vulnerability discovery. • Integrate the harness with purpose-built SBOM tooling (Endor Labs), CVE monitoring feeds (NVD, OSV.dev, EPSS/KEV, GitHub Advisory Database, and vendor-specific bulletins), and our CI/CD pipeline (Snyk, SonarQube). • Conduct adversarial testing across four attack perspectives: (Internal source code, External unauthenticated adversary, Internal authenticated user, and Internal unprivileged adversary) • Chain findings identify exploitable paths and corresponding vulnerabilities. • Validate and prioritize findings using CVSS, EPSS, and KEV context before handing off to the patch management pipeline. • Support the development and day-to-day operation of Authentic8's internal Bug Bounty Program. • Collaborate with engineering on custom mitigation decisions when vendor patches are unavailable. • Assume ownership of security stage-gates within our CI/CD pipeline, integrating Snyk, SonarQube, and harness findings into the build process. • Work alongside the SOC Lead on CVE monitoring, alerting, and vulnerability prioritization workflows. • Partner with DevSecOps Engineers on harness architecture and pipeline integration. • Provide technical input to the Integrated Operations Center on detection use case design for our SIEM. • Regularly brief the VP of Information Security on findings, program health, and checkpoint criteria.

United States
$150K - $175K / year