Senior Security Control Assessor

Location: Ashburn, VA

Employment Term: Regular

Employment Type: Full Time

Required Education: Bachelor's Degree

Required Experience: 6 to 20+ years

Required Security Clearance: Top Secret

Related Categories: Defense/Military/Intelligence Analysis, IT - Software Development, IT - Database

Dakota Consulting, Inc. is a growing company that provides innovative business, IT, scientific research, and cybersecurity services to federal and commercial customers. Dakota’s objective is to provide services that meets customers’ needs and exceeds their expectations. Our core values include honesty, a commitment to exceptional customer service, and providing a respectful, fun, challenging, and learning place of employment. We actively recruit for dedicated, technically competent individuals and partners that are self-motivated while performing exceptionally well in a collaborative team effort. Dakota’s headquarters are in Silver Spring, MD. This position will be located in Ashburn, VA.

Dakota is looking for a Senior Security Assessor to join our team. The candidate will perform security compliance activities (including security controls assessment, annual control assessment, and other risk-based security activities for the Federal Risk and Authorization Management Program [FedRAMP] and Federal Information Security Management Act [FISMA] engagements) as part of an active third-party assessment organization in accordance with National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) Step 4. The candidate will also work with an integrated team of federal and contractor security professionals to support an agency’s internal IT security program (FISMA audit) or commercial clients for FedRAMP/ NIST 800-53A Rev4 assessments. Depending on the project, the senior security assessor may serve as Information System Security Officer. Secret Clearance required.

Role and Responsibilities:

  • Security Control Testing
  • Participate / lead the team in the assessment of low, moderate, and high impact information systems or Cloud service offerings
  • Complete comprehensive test plans for identified security controls following NIST 800-53a, FedRAMP guidance, and/or agency-specific guidance
  • Produce complete, accurate, and timely findings reports using client- or Dakota-defined templates
  • Security Program Support
  • Participate / lead the team in support of agency or program cybersecurity programs, performing range of tasks, including reviewing, updating, and/or creating security program policy and/or procedural documents; providing security consultation services; and serving as security subject matter expert
  • Review and analyze needed updates to existing set of security documents (e.g., system boundaries, privacy impact assessments [PIAs], system security plans [SSPs], risk assessments [RAs], memoranda of understanding, interconnection security agreements, contingency plans [CPs], etc.)
  • Draft updates to the security documents by combining information obtained from team members, clients, and the project manager / team leader and from prior experience and personal expertise
  • Maintain currency on latest security vulnerabilities and options for mitigation
  • Develop risk mitigations and recommendations for identified security assessment findings
  • Review system categorization and associated controls, reviewing system
  • Establish and maintain professional relationships with clients, customers, and team members
  • Escalate issues when necessary
  • Complete assignments in a timely manner, document standard operating procedures for performing operating or recurring tasks as requested by clients, and share information / strategy with team members
  • Maintain currency in federal cybersecurity policy, e.g., Office of Management and Budget (OMB) Memorandum, NIST Special Publications, and FedRAMP
  • Dakota Corporate Support
  • Act as deputy cyber program manager in the absence of the cyber program manager in oversight of FedRAMP or FISMA engagements
  • Assist in quality control reviews of deliverable packages upon request
  • Participate in cyber team development of bid and proposal content for possible contract awards

Experience Requirements
At least 6 years’ experience:

  • With federal regulations and security compliance requirements for civilian federal agencies (FISMA, NIST 800 series, OMB A-130, FedRAMP, etc.);
  • Performing range of cybersecurity activities—creation and update of SSPs, RAs, CPs, PIAs, etc.; and
  • Conducting security control assessments/audits using NIST SP 800-53, including preparation of complete authorization packages
  • Effective verbal, written, and listening communications skills
  • Two (2) years of experience conducting FedRAMP Readiness Assessments for FedRAMP cloud environments or knowledge of cloud security.
  • Effective verbal, written, and listening communications skills
  • Competence with all Microsoft office products, e.g., Word, Excel, and Access
  • Expertise in technical security assessment techniques, tools, and practices
  • 2 years or more of experience in hands-on vulnerability security scanning tools to include Nessus Tenable, WebInspect and AppDetective

Skills and Abilities

  • Thorough familiarity with the cybersecurity industry, including current and emerging technologies, methodologies (including cloud security models), defense in depth principles, security engineering, and vulnerability and risk analysis
  • Ability to work autonomously as well as with other senior level professionals (directors, chief technology officers, chief information security officers, etc.)
  • Must be detail and deadline oriented
  • Must possess a high degree of personal initiative and enthusiasm for the job
  • Excellent customer care skills and abilities
  • Key effective verbal, written, and listening communication skills

Education / Certification Requirements

  • Bachelor’s Degree or equivalent experience in the IT security field
  • Holds at least two (2) of the following Cyber Certifications: Security Professional Certifications (Certified Information Security System Professional [CISSP], Certified Information Systems Manager [CISM], Certified Information Systems Auditor [CISA], Certified in Risk and Information Systems Control [CRISC], Certified Authorization Professional [CAP], Certified Ethical Hacker [CEH], etc.)
  • Must be a US citizen or permanent resident and be able to obtain a position of public trust with the US Government

Qualified applicants please submit resume to recruitment@dakota-consulting.com or HR Manager, Dakota Consulting, Inc., 1110 Bonifant Street, Suite 310, Silver Spring, MD 20910.

Dakota Consulting, Inc. is an Equal Opportunity Employer. AA/M/F/Vet/Disability