Cloud Security Control Assessor jobs in United States

Steampunk, Inc. · 3 weeks ago

Cloud Security Control Assessor

Steampunk, Inc. is a Change Agent in the Federal contracting industry, and they are seeking a Cloud Security Control Assessor to support a government customer. The role involves leading security assessments, evaluating controls across various environments, and providing technical recommendations to enhance security posture.

Consulting, Information Technology
Growth Opportunities
No H1B; Security Clearance Required; U.S. Citizen Only

Responsibilities

Lead security assessments in accordance with NIST SP 800-53, NIST RMF (SP 800-37), FedRAMP, and agency-specific guidance
Evaluate technical, operational, and management controls across cloud, on-premises, and hybrid environments
Develop Assessment Plans and Security Assessment Reports (SARs)
Coordinate with Information System Security Officers (ISSOs), System Owners, and authorization officials to review evidence and mitigate control deficiencies
Analyze vulnerability scans, configuration baselines, and penetration test results to determine control effectiveness
Provide technical recommendations to remediate weaknesses and strengthen security posture
Maintain assessment documentation in compliance with organizational and federal standards (e.g., FISMA, FedRAMP)
Present findings and risk analysis to management and Authorization Officials (AOs)
Support continuous monitoring processes and control validation efforts for ongoing authorization

Qualification

NIST SP 800-53, FISMA, Cloud Security, CISSP, Vulnerability Analysis, Security Assessment Reports, Assessment Tools, Analytical Skills, Communication Skills, Attention to Detail

Required

Bachelor's Degree and 5 years of relevant IT cybersecurity experience; OR
No degree with a total of ten (10) years of cybersecurity experience, including two (2) years of FISMA experience
One of the following certifications (may be obtained within six (6) months of hire):
Certified Information System Security Professional (CISSP)
CompTIA Advanced Security Practitioner (CASP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Familiarity with one or more: DHS Directive 4300A and NIST Special Pubs 800-30, 800-37, 800-39, 800-53, 800-60
Strong understanding of NIST SP 800-53 controls, FIPS publications 199 and 200, and cybersecurity compliance standards
Hands-on experience reviewing security control artifacts related to the NIST SP 800-53 controls
Proficiency with assessment tools (e.g., Nessus, Splunk, Tenable.SC, SCAP scanners)
Direct experience providing independent evaluations for system authorization packages, including in cloud environments (AWS, Azure, etc.)
Analytical skills to interpret vulnerabilities, compliance gaps, and potential threats in diverse systems
Understands the difference between cloud and non-cloud security control baselines

Preferred

Experience as an Information System Security Officer (ISSO)
Experience with Vulnerability, Configuration, and Asset Management tools in support of Continuous Monitoring
Excellent analytical, written, and verbal communication skills
Strong attention to detail in preparing federal security documentation
Experience with: POA&M management, Performing Security Authorization, Performing Risk Analysis and Assessment, CSAM or similar GRC tool
Experience providing ISSO support to DHS
Experience supporting systems hosted in Cloud environments
Experience supporting systems in Agile and DevOps environments

Company

Steampunk, Inc.

Steampunk is anchored by a startup culture with a customer-centered delivery approach. We put our Federal government clients at the center of everything we design, develop, and deliver to drive high-quality mission impacts and user experiences at speed.

Funding

Current Stage: Growth Stage
Total Funding: unknown
Key Investors: AcceliCITY powered by Leading Cities (2024-07-31, Non Equity Assistance)

Leadership Team

Matt Warren, CEO
Mike Saliter, Executive Vice President - Homeland, Commerce, & Justice
Company data provided by crunchbase