Intermediate Security Assessor

Saliense is a growing Management and Technology Consulting Solutions provider based out of Tysons, VA. We work to solve our client’s toughest challenges within the Defense, Civilian, Financial, and Healthcare industries. Our diverse employees support vital missions for government and commercial customers. For more information, visit www.saliense.com.

Why Saliense?

In addition to providing a fun, energetic environment that promotes innovation and personal growth, we offer excellent compensation packages with plenty of opportunities for advancement. We pay 100% of the premiums for employee Healthcare, including medical, dental, and vision. We offer 401K match and all company contributions are 100% vested immediately. Since we believe in work-life balance so much, we offer 20 days of paid leave per year. Use it as you need it or use it all at once and go travel for a month! There are many more - connect with us to get a preview of the full benefits package.

Role: Intermediate Security Assessor

Location: Remote (Must be available to work EST hours)

Duties & Responsibilities:

• Conducting independent security assessments of environments (on premise, Cloud (Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)) systems) and applications. Analyze existing security process including automation, security service delivery models. Provide system administration support to the GRC module, to include upgrades, patching, and account management.

Duties include:

• Developing and maintaining the master assessment schedule and schedule security assessments
• Leading and conducting assessment meetings as required
• Leading and conducting independent assessments of security controls as documented in the System Security Plan (SSP)
• Leading and conducting risk assessments based on findings of security controls assessments
• Developing Security Assessment Report (SAR), documenting Plans of Action and Milestones (POA&Ms), and developing Executive Summaries (ES)

Qualifications:

• 4 year degree (Bachelors Degree) from an accredited College or University in Business/Engineering
• Minimum of 8 years of experience in listed tasks
• Need (or contingency to have within 8 months) ISC2 Certified in Governance, Risk and Compliance (CGRC) (Formerly CAP) or industry equivalent certificate.
• Must have or be eligible to obtain a Public Trust Clearance

Technical Skills:

• Experience with RMF and applying the NIST Cybersecurity Framework.
• Experience using CSAM in an RMF Assessor role.
• Solid understanding and application of NIST Special Publications including SP 800-53, SP 800-137, SP 800-171, and SP 800-37.
• Experience with Federal Risk and Authorization Management Program (FedRAMP).
• Experience with assessing systems and applications deployed in local and cloud environments following federal guidelines and best practices.
• Ability to work with cooperatively and at a technical level with developers, engineers, and managers on system teams.
• Knowledge of computer networking concepts, protocols, and network security methodologies.
• Knowledge of risk management processes and tools (e.g., methods and tools for assessing and mitigating risks).
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy in a federal environment.
• Knowledge of current and past cybersecurity threats and vulnerabilities.

Professional Skills:

• Ability to effectively manage and prioritize multiple tasks and duties simultaneously while effectively coordinating and ensuring that scheduled delivery dates and milestones are achieved.
• Able to communicate effectively in a accurate and concise manner through written and verbal means to system teams and product and cybersecurity leadership.
• Ability to take initiative on assigned systems and related tasks and work with minimal supervision.
• Ability to work and collaborate as part of an integrated team with diverse backgrounds.

***Saliense Consulting LLC provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.