? High Salary! Cloud Security Assessor - Expert
Company: Guidehouse
Location: Reston
Posted on: July 8, 2025
|
|
|
Job Description:
Job Family: Technology Consulting Travel Required: Up to 25%
Clearance Required: Active Top Secret SCI with Polygraph What You
Will Do: The SCA advises key stakeholders, such as the Program
Office, Data Owner, and Authorizing Official/Delegated Authorizing
Official, concerning the security categorization and impact levels
for confidentiality, integrity, and availability of the information
on a system. The SCA conducts a comprehensive assessment of the
security controls employed within or inherited by an Information
System (IS) to determine their overall effectiveness and submit the
Body of Evidence (BoE), composed of the System Security Plan (SSP),
Security Assessment Report (SAR), Plan of Action and Milestones
(POA&M), and draft Authorization to Operate (ATO) Letter, to
the Authorizing Official (AO) or Delegated Authorizing Official
(DAO) for review and authorization decision. This role is
responsible for supporting RMF assessment efforts. As an expert
Security Controls Assessor with expertise in cloud infrastructure
possesses specialized skills in evaluating the security controls of
systems hosted in cloud environments. Their technical functions
encompass a range of tasks aimed minimizing risk while also
ensuring the integrity, confidentiality, and availability of data
within the domain. Here are the technical functions typically
associated with this role: - Support the Assessment and
Authorization (A&A) Risk Management Framework (RMF) for
client-managed systems, networks, and enclaves across security
domains. - Validate and review security documentation, ensuring
accuracy and compliance with regulatory standards. - Advise ISSOs
on security categorization and control selection (RMF Steps 1 and
2) and conduct Technical Exchange Meetings (TEMs) with security
professionals. - Develop test reports, assessment artifacts, and
Plan of Action and Milestones (POA&Ms) to document findings and
oversee resolution efforts. - Perform Security Test and Evaluation
(ST&E) assessments, ensuring compliance with DoDIIS security
standards. - Review system specifications, security needs, and
vulnerabilities. - Develop security assessment documentation,
including System Security Plan (SSP), Security Assessment Report
(SAR), and draft Authorization to Operate (ATO) letters. - Conduct
security assessments using automated tools and manual techniques to
evaluate vulnerabilities across domains such as access control,
cryptography, network security, and incident response. - Perform
vulnerability scans, analyze findings, and recommend remediation
strategies. - Conduct penetration testing, web application security
testing, wireless network assessments, and social engineering
exercises. - Validate security configurations for compliance with
policies and industry best practices. - Assess regulatory
compliance (e.g., GDPR, HIPAA, PCI DSS, SOX) and develop risk
mitigation strategies. - Prepare detailed assessment reports and
communicate findings to stakeholders. - Contribute to continuous
improvement initiatives for security assessment methodologies and
tools. - Share cybersecurity knowledge through training, mentoring,
and staying updated on emerging threats and trends. - Develop and
implement automated security assessment and monitoring solutions. -
Design and maintain security architectures for cloud and on-premise
systems. - Perform secure code reviews and static/dynamic
application security testing (SAST/DAST). - Support security
engineering efforts in implementing security controls and
integrating security solutions within enterprise environments. -
Conduct forensic analysis and incident response investigations to
identify and mitigate security threats. - Develop security
automation scripts and tools to streamline security assessment
processes. What You Will Need: - An ACTIVE and MAINTAINED TOP
SECRET/SCI federal security clearance with a Counterintelligence
(CI) polygraph - Bachelor's degree - Certification in DoD 8570.01-M
Cybersecurity workforce, compliance with DoD Directive 8140
Cyberspace Workforce Management, and IAT Level III (CASP CE, CCNP
Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP). - FIVE (5)
or more years' experience cybersecurity What Would Be Nice To Have:
- Focus on the consistent execution and updating of organizational
processes and procedures to drive SCA efforts. - Preferred
experience with briefing Senior Executive personnel. - Solid
experience conducting cyber security assessment of complex cloud
systems. - Solid experience with technologies such as Cloud, Data
Encryption, Data Storage. - Have a good understanding of the
Intelligence Community (IC) and DIA. - Have solid knowledge of
networking technologies and protocols. - Have solid knowledge of
NIST Risk Management Framework, DoD, IC Cyber Security controls for
Cross Domain Solutions. What We Offer: Guidehouse offers a
comprehensive, total rewards package that includes competitive
compensation and a flexible benefits package that reflects our
commitment to creating a diverse and supportive workplace. Benefits
include: - Medical, Rx, Dental & Vision Insurance - Personal and
Family Sick Time & Company Paid Holidays - Position may be eligible
for a discretionary variable incentive bonus - Parental Leave and
Adoption Assistance - 401(k) Retirement Plan - Basic Life &
Supplemental Life - Health Savings Account, Dental/Vision &
Dependent Care Flexible Spending Accounts - Short-Term & Long-Term
Disability - Student Loan PayDown - Tuition Reimbursement, Personal
Development & Learning Opportunities - Skills Development &
Certifications - Employee Referral Program - Corporate Sponsored
Events & Community Outreach - Emergency Back-Up Childcare Program -
Mobility Stipend About Guidehouse Guidehouse is an Equal
Opportunity Employer–Protected Veterans, Individuals with
Disabilities or any other basis protected by law, ordinance, or
regulation. Guidehouse will consider for employment qualified
applicants with criminal histories in a manner consistent with the
requirements of applicable law or ordinance including the Fair
Chance Ordinance of Los Angeles and San Francisco. If you have
visited our website for information about employment opportunities,
or to apply for a position, and you require an accommodation,
please contact Guidehouse Recruiting at 1-571-633-1711 or via email
at RecruitingAccommodation@guidehouse.com. All information you
provide will be kept confidential and will be used only to the
extent required to provide needed reasonable accommodation. All
communication regarding recruitment for a Guidehouse position will
be sent from Guidehouse email domains including @guidehouse.com or
guidehouse@myworkday.com. Correspondence received by an applicant
from any other domain should be considered unauthorized and will
not be honored by Guidehouse. Note that Guidehouse will never
charge a fee or require a money transfer at any stage of the
recruitment process and does not collect fees from educational
institutions for participation in a recruitment event. Never
provide your banking information to a third party purporting to
need that information to proceed in the hiring process. If any
person or organization demands money related to a job opportunity
with Guidehouse, please report the matter to Guidehouse’s Ethics
Hotline. If you want to check the validity of correspondence you
have received, please contact recruiting@guidehouse.com. Guidehouse
is not responsible for losses incurred (monetary or otherwise) from
an applicant’s dealings with unauthorized third parties. Guidehouse
does not accept unsolicited resumes through or from search firms or
staffing agencies. All unsolicited resumes will be considered the
property of Guidehouse and Guidehouse will not be obligated to pay
a placement fee.
Keywords: Guidehouse, Alexandria , ? High Salary! Cloud Security Assessor - Expert, IT / Software / Systems , Reston, Virginia
