SME Cyber Vulnerability Assessment Analyst (Security Assessments Lead)

Arlington, VA, USA

SiloSmashers

From day 1, SiloSmashers set out to change how government agencies and corporations manage programs — and smash silo operations.


Summary of Position

SiloSmashers is looking for a Security Assessment Team lead for the security control assessor and penetration test teams. In addition, this individual will provide compliance assessments of the severity of weaknesses or deficiencies in CISA's CSD information systems and prepare security assessment reports containing the results and findings from the assessment. The individual will serve as principal security advisor on risk matters, technical and otherwise, involving the identification and prioritization of security risk to CISA CSD information systems. This work includes examining risk analysis and mitigation security considerations and providing critical thinking when applying security controls to system design, implementation, and operation of CISA systems supporting the cybersecurity and critical infrastructure protection missions.


Principal Duties and Responsibilities

  • Must have 10+ years' experience assessing information systems and writing/preparing security assessment reports
  • Perform host, network, cloud, application-based, machine learning based security assessments and conduct a comprehensive assessment of the management, operational, and technical security controls to determine the overall effectiveness of the controls
  • Responsible for creating and updating the master schedule of all security assessments and for delivering it to the Government for approval
  • Develop standard operating procedures, security test plans, assessment schedules, Rules of Engagement for stakeholders' assessment results and recommendations and provide expert technical support for potential targets both before and after the assessment
  • Complete the following communication and reporting activities: assessment kickoff meeting, daily statuses, and out-brief meeting
  • Perform annual, ongoing, and ad-hoc assessments that support the continuous monitoring strategy for all systems with an ATO
  • Collaborate with authorizing officials and/or system owners to plan security assessments as needed


Required Skills, Knowledge and Experience

  • BS/BA in Computer Science, Information Systems, Software Engineering or other related analytical, scientific or technical discipline.
  • 10+ years of security control assessment experience
  • 6+ years of experience with FedRAMP systems (Azure, AWS, GCP)
  • Effective written and oral communication skills.
  • Previous Federal Government experience is a plus.

Security Clearance

  • Minimum Secret with ability to receive an active TS/SCI

Work Location

  • 100% remote with occasional on-site visits as needed


Tags: AWS Azure CISA Clearance Cloud Compliance Computer Science FedRAMP GCP Machine Learning Monitoring Risk analysis Security assessment Security Assessment Report Security Clearance Strategy TS/SCI

Regions: Remote/Anywhere North America
Country: United States
