Cyber Security Analyst / Manager

Security Control Assessor

Location: Silver Spring, Maryland
Type of Work: Onsite
Work Schedule: 40 hours/week. Strict Core Hours: 7:30 AM – 4:30 PM EST.
Duration: 12 Months

Position Summary

The Security Control Assessor will perform an independent Federal Information Security Modernization Act (FISMA) assessment for an information system. The role is responsible for evaluating security and privacy controls, reviewing authorization documentation, conducting technical and non-technical assessments, performing penetration testing activities, identifying security risks, and developing assessment deliverables that support Authorization to Operate (ATO) decisions.

Key Responsibilities

- Conduct independent FISMA security and privacy control assessments in accordance with NIST, FISMA, and DOC requirements.
- Review System Security Plans (SSPs), POA&Ms, authorization packages, policies, procedures, and supporting artifacts.
- Develop Security Assessment Plans (SAPs) and Security Requirements Traceability Matrices (SRTMs).
- Execute control assessments using Examine, Interview, and Test methodologies.
- Perform technical security validation and penetration testing activities.
- Assess Moderate-impact systems with High Value Asset (HVA) and Privacy overlays.
- Validate security control implementation and effectiveness.
- Review vulnerability scan results and evaluate associated risks.
- Document findings, recommendations, and risk determinations.
- Prepare Security Assessment Reports (SARs), Risk Assessment Reports (RARs), Assessment Findings Reports (AFRs), Penetration Testing Reports (PTRs), and Assessment Results Briefings (ARBs).
- Present assessment results and recommendations to System Owners, ISSOs, and Authorizing Officials.
- Ensure all assessment activities comply with NIST SP 800-53 Rev. 5, NIST SP 800-53A Rev. 5, NIST SP 800-37, FISMA, and NOAA cybersecurity requirements.

Required Qualifications

- Minimum 5 years of experience supporting cybersecurity assessments, compliance, or risk management activities.
- Minimum 5 years of experience working with NIST 800-series publications.
- Experience with FISMA, FIPS 200, the Risk Management Framework (RMF), Privacy Act requirements, and Federal authorization processes.
- Experience conducting security control assessments and documenting assessment results.
- Experience preparing security assessment documentation and executive briefings.
- Strong analytical, technical writing, and communication skills.
- Ability to work independently and interact effectively with government stakeholders.

Required Certifications

Candidates must possess and maintain at least one of the following certifications:

- CISSP – Certified Information Systems Security Professional
- CGRC – Certified in Governance, Risk and Compliance
- CISA – Certified Information Systems Auditor
- CEH – Certified Ethical Hacker
- GCIH – GIAC Certified Incident Handler
- GSNA – GIAC Systems and Network Auditor

Preferred Qualifications

- Experience conducting FISMA assessments for Moderate and High impact systems.
- Experience with FedRAMP and cloud security assessments.
- Experience assessing High Value Assets (HVAs).
- Experience performing penetration testing and vulnerability assessments.
- Experience developing SARs, SRTMs, RARs, AFRs, and ATO package documentation.

Education

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field. Relevant experience may be considered in lieu of a degree.