ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Security Controls Assessor who has experience conducting independent comprehensive assessments of the management, operational, and technical security/privacy controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls in the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

 

Roles and Responsibilities

  • Conducts independent comprehensive assessments of the management, operational, and technical security/privacy controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).

Required Skills

  • Extensive experience conducting security control assessments using NIST SP 800-53, including preparation of complete authorization packages.
  • Strong technical skills in performing security reviews, identifying gaps in security architectures, and developing a security risk management plan.
  • Expertise in technical security assessment techniques, tools, and practices.
  • Experience performing risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
  • Extensive experience in reviewing authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
  • Experience in developing security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
  • Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously, coordinating resources and ensuring scheduled goals are met.
  • Ability to make decisions and resolve problems effectively: seek out information and data to evaluate, prioritize, and formulate the best solution or practice.
  • Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.

Desired Skills

  • Deep knowledge in the following areas: network and host based firewalls, intrusion detection/prevention systems, data loss prevention, vulnerability scanning, anti-malware and spam protection, secure data transmission technologies, and network monitoring/protection solutions.
  • Deep understanding and proficiency in network security architecture concepts including topology, protocols, components, and principles.
  • Knowledge of modern software development and deployment practices including unit testing, continuous integration and continuous deployment.
  • Skill in designing security controls based on cybersecurity principles and tenets.
  • Ability to effectively interact with various levels of senior management is necessary.
  • Experience as a member of a certified FedRAMP Third-party Assessment Organization (3PAO) desired.

Education Requirement

  • BA/BS in Computer Science, Engineering or related technical IT field.
  • Preferred – MA/MS in a technical/cyber-related field.

Years of Experience Requirement

  • 7+ years of relevant cyber security experience

Certification Requirement

  • Preferred – ISC2 Certified Information Systems Security Professional (CISSP)
  • Preferred – Global Information Assurance Certification (GIAC)

Location

  • Arlington, VA

Security Clearance

  • Eligibility to obtain and maintain customer required security clearance

Sound like the job for you?

Send us a link to your resumé or portfolio to become part of our talent pool.
