Security Controls Assessor
We are seeking a Mid-Level Security Controls Assessor (SCA) to perform security assessments for the U.S. International Trade Commission (USITC). This role involves evaluating security and privacy controls, conducting technical tests, and collaborating with stakeholders to enhance compliance with federal standards such as NIST SP 800-53 Rev. 5, FISMA, and FIPS Moderate baselines. The ideal candidate will have hands-on experience conducting assessments and working in dynamic, compliance-driven environments.
Key Responsibilities
- Perform comprehensive assessments of ITCNet, HTS, and IS systems, ensuring compliance with NIST SP 800-53A Rev. 5 and federal security standards.
- Use automated tools such as Tenable Nessus and Burp Suite to conduct vulnerability scans and technical control validations.
- Assess critical control areas, including access control mechanisms, encryption practices, and boundary protections (firewalls, VPNs, etc.).
- Collect and analyze evidence, such as configuration files, logs, and system screenshots, to validate control implementation and compliance.
- Develop POA&Ms and compliance matrices based on assessment findings, including prioritized remediation recommendations.
- Participate in regular stakeholder meetings to provide progress updates, share insights, and address emerging issues during assessments.
- Collaborate with senior assessors and team leads to ensure assessments are completed on time and meet USITC's compliance objectives.
- Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
- 3–5 years of experience conducting security assessments, preferably in federal or compliance-focused environments.
- Strong knowledge of NIST SP 800-53 Rev. 5, FIPS Moderate baselines, and FISMA standards.
- Proficiency in vulnerability scanning tools (e.g., Tenable Nessus) and web application testing tools (e.g., Burp Suite).
- Excellent analytical and documentation skills, with experience preparing reports and compliance matrices.
- Relevant certifications such as CEH, Security+, or CAP.
- Familiarity with hybrid telework environments, cloud platforms (AWS, Azure, GCP), and related security controls.
- Remote work with regular virtual meetings via Microsoft Teams or equivalent tools.