Senior Security Controls Assessor
- Lead the planning, execution, and reporting phases of security control assessments (SCAs) across ITCNet, HTS, and IS systems.
- Provide strategic guidance on assessment methodologies, ensuring alignment with NIST SP 800-53A Rev. 5 assessment procedures and federal compliance standards.
- Conduct advanced technical evaluations of boundary protections, encryption mechanisms, access controls, and other critical security controls.
- Oversee the use of tools such as Tenable Nessus, Burp Suite, and PowerShell scripts to perform vulnerability scans and validate that controls are implemented as documented.
- Mentor and provide technical guidance to junior and mid-level assessors, fostering a collaborative and high-performing team environment.
- Review and validate evidence gathered during assessments, including system configurations, logs, and supporting documentation.
- Develop comprehensive Plans of Action and Milestones (POA&Ms), executive summaries, and compliance matrices for key stakeholders.
- Present findings and strategic recommendations to senior USITC leadership during formal briefings and debrief sessions.
- Identify emerging risks and propose practical solutions to strengthen long-term security posture and operational resilience.
- Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent work experience).
- 7+ years of experience conducting security assessments in federal environments, including leading teams or managing projects.
- Advanced knowledge of NIST SP 800-53 Rev. 5, the FIPS 199 Moderate-impact baseline, and FISMA compliance.
- Expertise in vulnerability scanning and testing tools, including Tenable Nessus and Burp Suite, with hands-on experience in both manual and automated assessments.
- Exceptional analytical, problem-solving, and technical writing skills, with a proven ability to present findings to senior leadership.
- Strong understanding of risk management frameworks, including the NIST Risk Management Framework (RMF), and executive mandates such as EO 14028.
- Certifications such as CISSP, CISM, CAP, or CISA.
- Experience assessing cloud environments (AWS, Azure, GCP) and hybrid telework infrastructures.
- Familiarity with tools such as Xacta, ServiceNow GRC, or similar platforms.
- Remote work with virtual meetings via Microsoft Teams or equivalent tools; occasional travel may be required for in-person engagements.