Job description
Artemis Federal is an IT consulting firm working with large Federal clients in the Washington DC/Baltimore, MD area. Our mission is to build careers in the Cybersecurity field while providing high-quality consulting services to the Federal Government. We are in search of a Cyber Security Assessor to support existing and future client engagements. This is the perfect role for a self-motivated information security professional ready to join a growing small business of security experts. Successful candidates must be able to demonstrate a strong understanding of FISMA and NIST Special Publications. This is a great opportunity to make an immediate impact in a respectful, fun, and challenging place of employment. Apply if you think we're a good match!
Minimum Requirements:
- Bachelor's degree in IT or related field
- 1-5 Years IT experience in FISMA Assessments
- One of the following certifications: CompTIA Security+, CISSP, ISACA CISA, GIAC GSEC, GIAC GSNA, GIAC GPEN, CEH, CAP, CASP+, CRISC, or CCSK.
- Ability to obtain and hold Public Trust suitability; US Citizenship required for all candidates
Desired Skills:
- A strong understanding of FISMA and NIST Special Publications, especially NIST SP 800-37 and NIST SP 800-53.
- Ability to assess and mitigate risk, evaluate and select appropriate technologies, and apply proper security safeguards.
- Knowledge of vulnerability scanning tools, such as Tenable Security Center / Nessus.
- Knowledge of system and application security threats and vulnerabilities.
Responsibilities:
- Support FISMA systems through the Security Assessment & Authorization (SA&A) lifecycle.
- Assess the confidentiality, integrity, and availability impact levels of information stored, possessed, and transmitted by systems to determine the FIPS 199 security categorization.
- Develop and maintain system security documentation throughout all phases of the NIST Risk Management Framework (RMF). This includes security categorizations, digital identity risk assessments, system security plans, system policy and procedures, privacy impact assessments, contingency plans, configuration management plans, incident response plans, vulnerability assessment reports, deviation requests, and any other documents necessary to support systems' authorization and continuous monitoring.
- Analyze risks identified during security control assessments and continuous monitoring activities in accordance with NIST SP 800-30. This includes making a determination regarding the likelihood and impact of the risk being exploited, along with a supporting rationale, and providing recommendations for mitigation/remediation.
- Perform and document the results of vulnerability scans and configuration compliance checks against configuration standards such as DISA STIGs and CIS Benchmarks.
- Analyze FedRAMP security packages to document and assess customer responsibility for cloud-based systems.
- Assist in the review of monthly continuous monitoring deliverables produced by Cloud Service Providers (CSPs) and annual assessments (produced by third party assessors [3PAOs]) in support of FedRAMP requirements to ensure that cloud services maintain an appropriate risk posture.
- Create, track, and manage system Plans of Action and Milestones (POA&Ms).
- Attend project meetings and collaborate with stakeholders to ensure security is addressed throughout the entire system lifecycle.
Benefits:
Artemis Federal offers a competitive compensation package with opportunities for growth and professional development. Benefits for full-time, permanent members start on the first day of employment.
- Full-Time Base Salary (W-2)
- Medical, Dental, and Vision Insurance
- Paid Vacation and Federal Holidays
- Education and Professional Development Assistance
- Employee Referral Program
- 401K with Company Matching
Keywords: Information Security, Risk Management Framework (RMF), Security Assessments, Audit, FISMA, Security Authorization (SA), Security Policy, Independent Verification & Validation (IV&V), FIPS199/200, NIST Special Publication, NIST 800-53, NIST 800-37, Cyber Security Assessment and Management (CSAM), Xacta, Plans of Actions and Milestones (POA&M), System Security Plan (SSP), Security Authorization Plan (SAP), Security Assessment Report (SAR), Risk Assessment Report (RAR), Privacy Impact Assessment (PIA), Audit and Accountability, Contingency Planning (CP), Assessment and Authorization (A&A), FedRAMP, Cloud Environments, Security Control Testing, Vulnerability Scanning, Nessus, Authorization to Operate (ATO), Information Assurance, Certification and Accreditation (C&A), HP Fortify
We wish to thank all applicants for their interest and effort in applying for this position. However, only candidates selected for interviews will be contacted. No unsolicited agency referrals, please. Qualified applicants will receive consideration for employment without regard to their race, color, religion, national origin, sex, protected veteran status or disability.
Job Type: Full-time
Pay: $65,000.00 - $85,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Employee assistance program
- Health insurance
- Paid time off
- Professional development assistance
- Tuition reimbursement
- Vision insurance
Work Location: Remote