ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Security Controls Assessor who has experience conducting independent comprehensive assessments of the management, operational, and technical security/privacy controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls in the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.
Roles and Responsibilities
- Conducts independent comprehensive assessments of the management, operational, and technical security/privacy controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).
- Extensive experience conducting security control assessments using NIST SP 800-53, including preparation of complete authorization packages.
- Strong technical skills in performing security reviews, identifying gaps in security architectures, and developing a security risk management plan.
- Expertise in technical security assessment techniques, tools, and practices.
- Experience performing risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
- Extensive experience in reviewing authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
- Experience in developing security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
- Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously, coordinating resources and ensuring scheduled goals are met.
- Ability to make decisions and resolve problems effectively: seek out information and data to evaluate, prioritize, and formulate the best solution or practice.
- Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.
- Deep knowledge in the following areas: network- and host-based firewalls, intrusion detection/prevention systems, data loss prevention, vulnerability scanning, anti-malware and spam protection, secure data transmission technologies, and network monitoring/protection solutions.
- Deep understanding and proficiency in network security architecture concepts including topology, protocols, components, and principles.
- Knowledge of modern software development and deployment practices including unit testing, continuous integration and continuous deployment.
- Skill in designing security controls based on cybersecurity principles and tenets.
- Ability to effectively interact with various levels of senior management is necessary.
- Experience as a member of a certified FedRAMP Third-party Assessment Organization (3PAO) desired.
- BA/BS in Computer Science, Engineering or related technical IT field.
- Preferred – MA/MS in a technical/cyber-related field.
Years of Experience Requirement
- 7+ years of relevant cyber security experience
- Preferred – ISC2 Certified Information Systems Security Professional (CISSP)
- Preferred – Global Information Assurance Certification (GIAC)
- Arlington, VA
- Eligibility to obtain and maintain customer required security clearance