[Hiring] Security Controls Assessor / OSCAL @TestPros

Role Description

The ideal candidate will have strong hands-on experience conducting independent security control compliance assessments using guidelines from NIST (800-53, 800-171) and assessment automation via OSCAL (Open Security Controls Assessment Language). You must have security controls and OSCAL experience in both U.S. Government and Commercial environments. FedRAMP experience is a plus.

Qualifications

• Proven OSCAL experience (at least two years)
• 5+ years of hands-on security controls assessment and development of Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Actions and Milestones (POA&M)
• Experience with RegScale, Paramify, or similar tools
• Experience with government, public sector, or municipal IT environments is highly preferred
• Ability to write clear, professional, and actionable technical reports
• Full U.S. Citizenship, and ability to pass an extensive background check

Requirements

• Experience with NIST 800-53 based ATO assessment, NIST 800-171/CMMC assessment, and/or HIPAA assessment
• Ability to produce a set of interoperable, extensible, machine-readable formats that supports a broad range of control-based risk management processes (XML-, JSON-, and YAML-based formats that allow for lossless translations between XML, JSON, and YAML representations)
• Familiarity with U.S. Government security policy requirements
• Experience coordinating with multi-agency or cross-organizational IT teams
• Expertise with common tools such as Kali Linux, Burp Suite, Nmap, Metasploit, Nessus/Tenable, and Wireshark

Benefits

• Competitive salary
• Medical/dental/vision insurance
• Life insurance
• Paid time off
• Paid holidays
• 401(k) retirement plan with company match
• Opportunities for professional growth
• Cell phone discounts
• All benefits are per TestPros current policies and are subject to change without notice
• Benefits are available to full-time employees