Northramp is seeking a System Security Specialist with 5+ years of experience to provide technical cybersecurity controls assessment support. We are looking to hire a Security Controls Assessor to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.
Specifically, the controls assessor will:
- Review and update existing information security policy, standards, and procedures based on federal and departmental regulations.
- Perform independent security and privacy control assessments on behalf of the client CSO in support of Security Assessment & Authorization (SA&A).
- Conduct assessments of existing and new FISMA systems, including subsystems in the respective system boundary, and communicate the results and potential implications of identified control weaknesses.
- Review and analyze Assessment & Authorization (A&A) packages, including System Security Plans (SSP), Risk Assessments, Information System Contingency Plans (ISCP), Back-up Standard Operating Procedures (SOP), Incident Response Plans (IRP), Configuration Management Plans (CMP), Hardware/Software lists, Network Diagrams, Data Flows, System Change Requests/Proposals, Vulnerability scan reports, test reports, and Plans of Action & Milestones (POA&Ms), for completeness and accuracy, and document the effectiveness of controls, plans, and procedures implementation.
- Create and maintain test cases for security assessment testing and perform security testing at the control-requirement level for each unique component of each system (e.g., application, web application server, financial systems, database server/instance, operating systems, specialized appliances, network and infrastructure devices, and end-user devices such as mobile phones and laptops).
- Develop and execute a security and privacy assessment plan, in accordance with NIST SP 800-53A (as amended) requirements, for each security assessment project. SA&A activities shall include support for RMF steps 4-6.
- Document and provide findings and recommendations that are concise, system-specific, and actionable.
- Analyze security tool reports and determine residual risk or false positives from technical reports and artifacts before assigning findings.
Position Requirements:
- Strong written and verbal communication skills.
- Strong communication ability across all levels of management.
- Experience in planning assessments and serving as a senior member of a team of security control assessors.
- Three (3) years’ experience supporting security assessment teams is required.
- Experience in presenting control requirements and deficiencies to both technical and non-technical audiences.
- Experience performing detailed, full-scope technical security control testing for each of the component types, including development of security and privacy assessment plans is required.
- Ability to analyze information system configurations and technical specifications against NIST SP 800-53 and other overlays.
- Possesses a strong understanding of the NIST Special Publication 800-53 security and privacy controls, the NIST Cybersecurity Framework and other information security and privacy laws and regulations.
- Experience with development and writing of risk-based documentation.
- Bachelor's degree or higher in Computer Science, MIS/IT, Engineering, Information Security/IA, or a related discipline relevant to the work requirement.
- Five (5) or more years of Information Security experience required.
- Two (2) years of experience with the use of eGRC tools.
- One of the following certifications is required: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Risk and Information Systems Control (CRISC), or Certified Information Security Auditor (CISA)
Clearance
Applicants selected will be subject to a public trust security investigation and will need to meet eligibility requirements. No sponsorship: applicants must be legally authorized to work in the United States without the need for employer sponsorship now or at any time in the future. U.S. citizenship is required.
COVID-19 Vaccine Mandate
Candidates must have received or be willing to receive the COVID-19 vaccination to be considered. Proof of vaccination is required. Medical and/or religious exemption requests will be considered. We will make a determination on your request for reasonable accommodation on a case-by-case basis.
About Northramp
At Northramp, our passion, our true north, is to help our clients cut through the fog and obtain technical and operational clarity to help them make the most significant impact possible. Focused like a laser on driving value for our clients, Northramp specializes in helping public and private sector clients streamline their IT operations, improve their technical services, and drive greater returns from IT investments.
If you are interested in learning more about Northramp, please visit our website at https://www.northramp.com.
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.
Reasonable Accommodation Requests
Northramp is committed to working with and providing reasonable accommodation to individuals with physical and mental disabilities. If you need special assistance or an accommodation while seeking employment, please e-mail PeopleOPS@northramp.com or call: (866) 602-8688 - Northramp Human Resources. We will make a determination on your request for reasonable accommodation on a case-by-case basis.
EEO is the Law
The law requires Northramp to post a notice describing the Federal laws prohibiting job discrimination. For information regarding your legal rights and protections, please click on the following link: EEO is the Law and EEO is the Law Supplement.
Pay Transparency Non-Discrimination
Northramp will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay. Please see the Pay Transparency Nondiscrimination Provision for more information.
E-Verify
As a Federal Contractor, Northramp is required to participate in the E-Verify Program to confirm eligibility to work in the United States. For information please click on the following link: E-Verify.