Newberry Group · 5 months ago
Junior Security Control Assessor
Newberry Group is a professional services firm providing information security compliance and consulting to public sector clients. They are seeking a Junior Security Control Assessor to conduct cybersecurity assessments and audits for DoD organizations, requiring significant travel and a DoD clearance.
Cyber Security, Information Technology
Responsibilities
Conduct cybersecurity assessments, audits, and inspections for DoD organizations and partners handling DoD information or connecting to the DoDIN
Evaluate systems and Defensive Cyberspace Operations using cyber threat emulation and performance-based testing
Adhere to policies and processes for each assessment type
Support assessment development and execution to ensure security expertise is properly applied
Coordinate logistics, test plans, and scope with the SCA Team Lead
Perform vulnerability assessments, capture results using STIG Viewer or designated tools, and document findings in eMASS
Analyze security gaps and provide mitigation recommendations
Validate cybersecurity controls, TTPs, STIGs, RMF controls, and compliance with DoD policies and guidelines
Provide risk analysis and assessment results for authorization recommendations
Participate in daily assessment reviews, in-briefs, and out-briefs, sharing findings with the SCA-R
The candidate will be required to review applicable controls to determine compliance status and enter all test results into the designated repository (Enterprise Mission Assurance Support Service (eMASS))
Provide key assessment results to the team lead, including the number of controls reviewed and risk/residual information, for inclusion in the authorization recommendation
The candidate will be required to be certified via the ACP IAW the ACP CONOPS before conducting any assessments
The candidate must be certified in a minimum of two (2) technologies and RMF Control Validation
The contractor shall maintain active accounts to the tools and systems required to perform risk assessments
The candidate will be required to participate in the in-brief and out-brief of each assessment
Qualification
Required
Bachelor's degree in a related area of study (i.e. Security, Information Technology)
At least three (3) years of experience supporting similar requirements
Active DoD Top Secret clearance with SCI eligibility
IAT Level II certification active or will obtain within 90 days of hire
Familiarity with STIGs (Security Technical Implementation Guides), Security Requirement Guides (SRGs), Plan of Action and Milestones (POA&Ms) and cybersecurity best practices
Understanding of the RMF process, NIST SP 800-37, NIST SP 800-53, CNSSI 1253
Familiarity with relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS
Strong written and verbal communication skills for reporting assessment findings
Preferred
CompTIA Cybersecurity Analyst (CySA+)
CompTIA Security
EC-Council Certified Network Defense (CND) v3
Red Hat Certified System Administrator (RHCSA)
CCNA Security
Global Industrial Cyber Security Professional (GICSP)
GIAC Security Essentials (GSEC)
Systems Security Certified Practitioner (SSCP)
Benefits
Medical coverage with three plan options
Dental and vision coverage
Personal time off
Paid holidays
Paid parental leave
Telecommuting if available
Retirement savings accounts (Pre-Tax and Roth)
Flexible and dependent care savings accounts
Life insurance
Long and short-term disability coverage
Tuition and training reimbursement
Employee assistance program
And more.