[Hiring] Security Assessor @Chenega Corporation

Role Description

SecuriGence is seeking a Security Assessor to support the Health and Human Services Administration for the Community Living Enterprise IT Services Program. The Security Assessor will play a critical role in ensuring the security and compliance of the HHS ACL EITS program's information systems. The individual will be responsible for:

• Assessing security controls
• Conducting security audits
• Developing secure architectures that align with federal regulations and guidelines, such as FISMA, NIST 800-53, and FedRAMP
• Collaborating with key stakeholders, including the Information System Security Officer (ISSO), Cloud Infrastructure Architect, and other program teams

Responsibilities

• Conduct comprehensive security control assessments of the HHS ACL EITS systems to ensure compliance with FISMA, NIST 800-53, FedRAMP, and other federal regulations.
• Prepare and present security assessment reports to senior management and government stakeholders.
• Develop and maintain secure architecture designs that comply with federal security standards, ensuring the system's confidentiality, integrity, and availability.
• Collaborate with the Cloud Infrastructure Architect and Application Developers to integrate security controls into system design and implementation.
• Implement security by design principles and ensure all software, systems, and infrastructure meet stringent security requirements.
• Conduct risk assessments to identify and prioritize risks associated with information systems.
• Develop and implement risk mitigation strategies, ensuring that all identified risks are managed appropriately and in alignment with government standards.
• Ensure that security documentation, such as System Security Plans (SSPs) and Risk Management Framework (RMF) artifacts, are up-to-date and accurately reflect the system's security posture.
• Perform regular vulnerability assessments and penetration testing to identify and remediate security weaknesses in the system.
• Assist in the preparation and execution of Authorization and Accreditation (A&A) packages, ensuring compliance with NIST RMF and supporting the program's ongoing operations.
• Work closely with the Authorizing Official (AO) to ensure timely authorization of systems and assist in maintaining an accurate and updated authorization status.
• Assist in the incident response process, investigating and reporting security breaches, unauthorized access, and other security incidents.
• Lead forensic investigations to determine root causes of incidents and provide recommendations for remediation.
• Prepare post-incident reports detailing the findings and actions taken to prevent future occurrences.
• Develop and deliver security awareness training for staff and stakeholders, ensuring everyone understands their role in maintaining the program's security.
• Foster a security-first mindset across the program to ensure all team members contribute to the protection of information assets.
• Other duties as assigned.

Qualifications

• Bachelor's degree in Cybersecurity, Information Technology, or additional experience in lieu of a degree.
• 5+ years of experience in security architecture, security assessment, or a related cybersecurity role within a federal or government environment.
• Certification in the following is preferred:
  • Certified Information Systems Auditor (CISA)
  • Certified Ethical Hacker (CEH)
  • Certified Information Security Manager (CISM)
  • Certified Cloud Security Professional (CCSP)
  • Certified Information Systems Security Professional (CISSP), or equivalent experience and knowledge commensurate with certification requirements
• Background check with the ability to pass a Public Trust Background Investigation

Requirements

• Extensive experience with NIST RMF, FISMA, FedRAMP, and other federal security frameworks.
• Familiarity with cloud security architectures, particularly in Microsoft Azure and/or AWS environments.
• Strong understanding of vulnerability management, penetration testing, and forensic investigation tools.
• Experience with SIEM tools, security monitoring, and incident response frameworks.

Benefits

• Broad range of benefits offered to team members.
• Opportunities for professional development and skill sharpening.
• Supportive culture that encourages team members to do their best work.
• Well-being programs and flexibility to maintain a healthy work-life balance.