Security Control Assessor

Overview

Acuity is growing and looking to hire a Security Control Assessor to support one of our premier federal clients.  Acuity, Inc. seeks a dynamic, self-motivated individual with experience, knowledge and technical skills. 

 

In return, Acuity Inc offers a great company culture with wonderful work/life balance and a robust compensation package which includes Health/Dental/Vision, up to $6K training & professional development benefit annually, 401K matching, corporate events/team-building and more!

 

Acuity was awarded "Best Places to Work" by the Washington Business Journal for over 8 years(2010 - 2014, 2015, 2017-2021, 2023, 2024) and "Top Workplaces" by Washington Post (2022, 2023, 2024). www.myacuity.com

Why Acuity?

Are you ready to use your expertise in the areas of IT Modernization, Data Enablement, and Hyperautomation to make a real difference? Join Acuity, Inc., a technology consulting firm that supports federal agencies. We combine industry partnerships and long-term federal experience with innovative technical leadership to support our customers’ critical missions.

Responsibilities

What you 'll be doing:

• Making recommendations to the IC CISO or designee for improving TTPS for better cyber threat protection.
• Writing final reports and defend all findings, including risk or vulnerability, mitigation strategies, and references.
• Reporting vulnerabilities identified during security assessments.
• Writing penetration testing Rules of Engagement (ROE), Test Plans, and Standard Operating Procedures (SOP).
• Conducting security reviews, technical research and provided reporting to increase security defense mechanisms.
• Ability to assess the robustness of security systems and designs.
• Travel Domestic and International Travel 0-25%.

Qualifications

Required Skills:

• Bachelor’s degree in computer engineering, Computer Science, Electrical Engineering, Information systems, Information Technology, Cybersecurity, or a closely related discipline.
• A Master’s degree in an applicable discipline be substituted for three years of demonstrated work experience.
• Four years of additional demonstrated work experience in Security Control Assessor (SCA) and Defensive Cyber Operations (DCO)Testing will be accepted in lieu of a bachelor’s degree.
• Three years of cybersecurity experience with at least one year of experience conducting SCAs under ICD 503/CNSSI 1253 NIST Cybersecurity Framework, Risk Management Framework (RMF), or a similar framework.
• Three years of experience performing security assessments in a cloud computing environment.
• One full year of SCA experiences within the last three calendar years.
• One full year supporting cloud environment and experience performing security assessments in a cloud environment (AWS, Google, IBM, Azure, and Oracle).
• Expertise in conducting risk-based assessments within Operational Technology (OT) systems including the identification of potential threats, vulnerabilities, regulatory compliance, documentation/reporting, and impacts on critical operations.
• Must meet Department of Defense (DOD) 8570.01-M baseline certification requirement for Information Assurances Technical (IAT) Level III CASP+CE, CCNP Security, CISA, or CISSP or Associate, GCED, GCIH, or CCSP.
• Knowledge of Independent Verification & Validation (IV&V) of security controls.
• Knowledge of general attack strategies (e.g., MITRE ATT&CK Framework).
• Knowledge of NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other ICDs as appropriate.
• Knowledge of system and application security threats and vulnerabilities.
• Knowledge of network access, identity, and access management e.g. public key infrastructure (PKI).
• Knowledge of network protocols such as Transition Control Protocol/Internet Protocol (TCP/IP), Dynamic Host Configuration, Domain Name System (DNS), and directory Services.
• Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Deep understanding of various Operational Technology (OT) systems, architectures and components and security assessment tools/resources such as MITRE ATT&CK for Industrial Control Systems and the National Vulnerability Database (NVD).
• Skill in conducting vulnerability scans and recognizing vulnerability in security systems (e.g., Cloud Environments) ASW, Google, IBM, Azure, and Oracle.
• Strong writing skills.

Clearance Requirements:

• TS/SCI w/Poly

 

About Acuity:

Acuity, Inc. is a leading management and technology consulting firm that specializes in serving the federal government. Our innovative, collaborative and rewarding work environment has earned repeat honors from the Washington Business Journal’s Best Places to Work and SmartCEO Corporate Culture awards.

 

Why Choose Acuity?

• Innovative Excellence: Recognized by The Washington Post's "Top Workplaces" and a nine-time recipient of the Washington Business Journal's "Best Places to Work," Acuity fosters an environment where innovation thrives and employees flourish.
• Competitive Compensation: We value our employees and show it through highly competitive compensation and benefits packages.
• Personal Growth: Your potential isn't just recognized at Acuity, it's actively cultivated. With tailored training, mentorship, and cutting-edge resources, we empower you to thrive personally and professionally.
• Recognition and Visibility: Stand out in a competitive industry with Acuity's exceptional customer feedback and robust opportunity channels.
• Collaborative Culture: At Acuity, teamwork isn't just a buzzword – it's the cornerstone of our success. Encouragement and support fuel our collaborative culture, where every voice matters.
• Diversity and Inclusion: Diversity isn't just a checkbox – it's who we are. At Acuity, we pride ourselves on recruiting and maintaining a workforce that celebrates diversity and treats every employee with dignity and respect.

 Join Acuity, where your talents are valued, your growth is nurtured, and your impact is amplified. Together, let's shape the future of digital strategy and technology consulting.

 

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.