SME Security Control Assessor

About this Role

We are looking for a SME Security Control Assessor that supports security control assessment activities for HHS-ACF information systems by applying NIST security controls and frameworks to evaluate control implementation and effectiveness. This role is responsible for gathering, organizing, and documenting assessment evidence; conducting security testing and evaluations; and assisting with vulnerability scanning and analysis. The assessor leads security control interviews, supports continuous monitoring activities, and contributes to the development of assessment reports, briefings, and formal deliverables.

Additionally, the role maintains assessment documentation and tracking artifacts, reviews security documentation, and assists in the development of Plans of Action and Milestones (POA&Ms). The SME Security Control Assessor I actively participates in team meetings and technical discussions to support compliance, risk management, and overall system security posture.

• Competitive salary

• Support security control assessment activities
• Gather and organize assessment evidence
• Document security control implementation
• Conduct security testing and evaluations
• Assist with vulnerability scans and analysis
• Create assessment reports and briefings
• Maintain assessment documentation and tracking sheets
• Lead security control interviews
• Prepare assessment deliverables
• Applying NIST security controls and frameworks
• Support continuous monitoring activities
• Assist with security documentation review
• Contribute to Plans of Action and Milestones (POA&Ms) development
• Participate in team meetings and technical discussions

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
• 2+ years of experience in security control assessments
• Basic understanding of cybersecurity principles and concepts
• Knowledge of NIST frameworks and security controls
• Familiarity with common security tools and technologies
• Strong attention to detail
• Excellent organizational skills
• Basic technical writing abilities
• Proficiency in Microsoft Office suite
• Strong analytical and problem-solving skills
• Ability to follow detailed instructions and procedures
• Good communication skills
• Eagerness to learn and develop professional skills
• Basic understanding of networking concepts
• Ability to work effectively in a team environment
• Commitment to maintaining confidentiality and security protocols
• Familiarity with Risk Management Framework (RMF)

• Security+ certification or in progress
• Basic understanding of FISMA requirements
• Experience with vulnerability scanning tools
• Knowledge of basic scripting or programming
• Familiarity with cloud computing concepts
• Understanding of basic system administration
• Experience with documentation management systems
• Knowledge of compliance frameworks
• Basic understanding of security assessment methodologies
• Familiarity with cybersecurity best practices
• Experience with technical documentation
• Interest in federal government cybersecurity
• Basic understanding of privacy principles

Employment for this position is contingent upon the candidate being a United States citizen and having the ability to successfully obtain and maintain a Public Trust clearance, in accordance with applicable federal regulations. All hiring decisions will be made in compliance with applicable federal, state, and local laws and regulations

We are an Equal Opportunity Employer and do not discriminate in employment decisions on the basis of race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, genetic information, veteran status, or any other status protected by applicable federal, state, or local laws. All employment decisions are based on business needs, job requirements, and individual qualifications.

Flexible work from home options available.