RISK ASSESSOR, MID.
MILITARY FRIENDLY & PREFERRED - HOH SPONSOR

Zermount Inc. is seeking a Mid-level Risk Assessor who will be responsible for preparing for risk assessments (RA), conducting RAs, developing reports, and providing solutions to mitigate risk. The Risk Assessor conducts assessments of systems, technologies, designs, configurations, and capabilities to identify potential adverse impacts to the client's mission, operations, systems, and data; provides leadership with the information needed to determine appropriate courses of action in response to identified risks and to make data-driven decisions; conducts assessments that help the organization understand and adjust its overall security posture and that enable security, operations, organizational management, and other personnel to collaborate and view the entire organization from an attacker's perspective; and assists leadership in determining the value of the various types of data generated and stored across the organization and in ensuring that data is properly protected. You will be providing a critical service: measuring the client's security posture and validating that it complies with federal requirements, laws, directives, standards, guidelines, and industry best practices.

Design, develop, engineer, and implement cybersecurity solutions as mandated by the Clinger-Cohen Act. Perform complex risk assessments. Establish and satisfy information assurance and security requirements based on analysis of user, policy, regulatory, and resource demands. Support customers at the highest levels in the development and implementation of doctrine and policies. Apply know-how to government and commercial common-user systems, as well as to dedicated special-purpose systems requiring specialized security features and procedures. Perform analysis, design, and development of security features to support the system architecture.

Duties & Responsibilities:
Assess all applicable security controls defined in the mandated DHS compliance tool and applicable to the systems under your purview.
Complete System Categorization (FIPS 199), Privacy Threshold Analysis (PTA), E-Authentication, Contingency Plans (CPs), Contingency Plan Tests, and Security Plans. Review Nessus scan reports and collaborate with system security engineers, ISSOs, and System Owners as needed.
Develop the Security Assessment (SA) package documentation, including Security Assessment Plans (SAP), Security Assessment Reports (SAR), ATO Letters, ATO Recommendation Memos, Risk Assessment Memos, CFO Designation Memos, POA&M finding matrices, Executive Data Sheets (EDS), OA artifacts, etc.
Gather evidence for ATO efforts and store the results in the mandated DHS compliance tool and/or a separate customer repository.
Assess the risk resulting from system upgrades and recommend how to handle the potential impact of each change, using the assigned tools to track system changes.
Provide recommendations for refining and/or improving existing RMF processes and procedures, and support implementation of those changes.
Because the contract is performed remotely, an individual Weekly Status Report and a Weekly Status Report briefing are required deliverables for assigned tasks. Candidates must be able to develop weekly status reports that are consistent and well structured, follow all assigned management template guidelines, align with the task area of support, and are relevant to the reporting period.

At a minimum, the weekly status report should reflect the following:
Work accomplished during the week.
Two weeks of ongoing and planned tasks.
Risks and issues impacting assigned tasks.
The report format will be primarily MS PowerPoint and MS Project (or other MS tools as required by the management team).
All deliverables shall be at a level of accuracy that does not require "return for correction" for typographical and grammatical errors. (Repetitive requests for correction by the management or Government team may result in a determination that the basic standards for professional writing, reporting, accuracy, quality, and completeness of the contractual deliverables have not been met.)
Must be able to prepare, present, brief, and explain all information captured in the weekly status report to management and/or the government client.

Basic Responsibilities:
Analyze IT specifications to assess security risks.
Design and implement safety measures and data recovery plans.
Secure networks.
Inspect customer systems for vulnerable points of access.
Monitor network activity and communicate findings to teams.

Qualifications:
Knowledge of NIST guidelines and FISMA cybersecurity compliance requirements; technical knowledge of IT systems.
Knowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Nessus Security Center, Splunk, etc.
Experience communicating effectively, both orally and in writing, with technical, non-technical, and executive-level customers.
Proven experience as a systems engineer who later moved into security engineering roles.
Programming skills such as .NET, PHP, MySQL, CSS, JSON, JavaScript, and C/C++ are preferred.
In-depth knowledge of the NIST SP 800 series (e.g., SP 800-37, SP 800-30, SP 800-53A), OMB Circular A-130, and FIPS 140-2.
Knowledge of patch management, firewalls, and intrusion detection/prevention systems.
Familiarity with public key infrastructure (PKI) and cryptographic protocols, e.g. SSL/TLS.
An analytical mind with excellent problem-solving ability.
Outstanding communication and organization skills.
Decision-making skills.

Education:
A bachelor's degree is preferred, but professional experience is acceptable: a minimum of 5 years of IT/cybersecurity experience, including direct support of the US Government, and 3 years as an ISSO, assessor, engineer, or compliance analyst; 7 years if the candidate does not have a bachelor's degree.
A relevant bachelor's degree in IT, Computer Science, or Engineering with 5 years of IT/cybersecurity experience, including direct support of the US Government, and 4 years acting as an ISSO, assessor, or compliance analyst.

Certifications and Training (Required): At least one of the following security certifications:
Certified Authorization Professional (CAP)
Certified Information Systems Security Officer (CISSO)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)

Clearance level: Must have at least a Secret-level security clearance.

Work Location: Remote

Hours of Operation: Business Hours: 8:00 am EST - 4:30 pm EST.