ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Security Compliance Assessor to support the compliance oversight and security authorization and assessment activities for a large security portfolio of systems.

Roles and Responsibilities

  • Participate in all steps of the Security Authorization and Assessment process for FISMA systems.
  • Deliver all required documentation using the current DHS approved templates, forms, regulations, and methods
  • Continuously update all documentation as required
  • Provide advisement to stakeholders to assign resources and establish timelines to ensure the successful Security Authorization of a system
  • Review and validate all relevant NIST 800-53 and DHS 4300B Security Controls and/or applicable departmental policies for each IT system assigned
  • Ensure software installed in the production environment is evaluated and provide guidance regarding the potential for the software to introduce risk into the environment
  • Perform oversight of compliance with Vulnerability Alerts
  • Review and validate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for each managed IT System prior to authorizing closure. Proper documentation to support the POA&M lifecycle shall be filed and updated as required, including well documented waivers and exceptions detailing the potential risk to the Authorizing Official
  • Perform in depth reviews of logs and other artifacts for each IT system
  • Provide, track and report security requirements throughout the project life cycle of all projects that are within the accreditation boundary of assigned systems
  • Provide timely and detailed responses to all data calls
  • Provide oversight and guidance regarding requests to modify technical policies such as firewall rules, ports, protocols, etc. for each IT system
  • Coordinate with and brief Federal staff on all activities pertaining to each IT system as requested
  • Continuously maintain a thorough understanding of all configurations, architecture, installed software, accounts (both Operating System and Application), data flows, ports, protocols, and other relevant data for each IT System
  • Coordinate with the appropriate operational group to accurately update the System Design Document for each IT system to reflect the approved state of each IT system
  • Participate in numerous working groups to provide training and guidance to numerous Components
  • Work closely with Office of the Chief Information Security Officer (CISO) to provide guidance and oversight for all requested initiatives

Required Skills

  • Knowledge of and experience with NIST SP 800-53, 800-53A, and 800-37
  • Experience with Risk Management Framework (RMF), POA&Ms, Security Authorization and Assessments, Vulnerability Assessments, FISMA Requirements, Waivers, Ongoing Authorization, Authority to Operate, Continuous Monitoring
  • Technical background and ability to review complex configurations for validation (i.e. Software Engineering, Network Engineering, System Administrator, Database Administrator background).
  • Ability to compose and comprehend policy, procedure, guidance, demos, and training documentation
  • Expected to have superior communication and customer service skills to support training, help desk ticket responses, and support of a large customer base
  • Strong writing skills are required

Desired Skills

  • Experience with Nessus, McAfee, Symantec, Retina, and Splunk software and output formats.
  • Knowledge of DHS 4300B

Education Requirement

  • Master’s Degree or 15 years of relevant experience

Certification Requirement

  • CISA or CAP preferred – include certification # on resume

Location

  • Washington, DC with occasional travel to field sites

Security Clearance

  • U.S. Citizen and Top-Secret Clearance

Sound like the job for you?

Send us a link to your resumé or portfolio to become part of our talent pool.

Click here to apply