Security Controls Assessor
Make a difference here.
UltraViolet Cyber is a leading platform-enabled unified security operations company providing a comprehensive suite of security operations solutions. Founded and operated by security practitioners with decades of experience, the UltraViolet Cyber security-as-code platform combines technology innovation and human expertise to make advanced real-time cybersecurity accessible for all organizations by eliminating risks of separate red and blue teams.
By creating continuously optimized identification, detection, and resilience from today’s dynamic threat landscape, UltraViolet Cyber provides both managed and custom-tailored unified security operations solutions to the Fortune 500, Federal Government, and Commercial clients. UltraViolet Cyber is headquartered in McLean, Virginia, with global offices across the U.S. and in India.
UltraViolet Cyber is seeking to hire a Senior Security Control Assessor (SCA) to act as an independent evaluator to ensure the effectiveness of management, operational, and technical security controls. The candidate will lead cybersecurity compliance assessments, identify control gaps and vulnerabilities, and recommend risk-mitigation strategies to support enterprise system authorization.
What You'll Do:
- Assessment Execution: Plan and execute comprehensive security control assessments in accordance with frameworks like the Risk Management Framework (RMF) and FISMA.
- Testing & Evaluation: Review system configurations, evaluate evidence, and perform technical testing (e.g., vulnerability scanning) to validate security posture.
- Documentation & Reporting: Compile assessment results into Security Assessment Reports (SARs) and generate risk determinations for Authorizing Officials (AOs).
- Remediation & Tracking: Identify control weaknesses and support the development of Plans of Action and Milestones (POA&Ms).
- Team Leadership: Guide junior assessors, review deliverables, and coordinate assessment activities with ISSOs, system owners, and stakeholders.
What You've Done:
- US Citizenship is required for this role.
- Education: Bachelor’s degree in cybersecurity, computer science, information systems, or a related field (or 6 years of equivalent experience).
- Experience: 7+ years of hands-on experience in cybersecurity, audit, or compliance, with specialized focus on RMF and NIST 800-series publications.
- Regulatory Expertise: Deep understanding of statutory guidance such as NIST SP 800-53, NIST SP 800-53A, and FISMA.
- Certifications: Industry-recognized credentials such as the Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Authorization Professional (CAP).
- Background Investigation: This role requires a Federal background investigation. A current or prior DHS suitability is highly preferred.