cFocus Software Incorporated
SME - Security Control Assessor (SCA) - HHS ESS
cFocus Software Incorporated, Washington, District of Columbia, us, 20022
Subject Matter Expert (SME) Security Control Assessor (SCA) to support the Enterprise Security Services (ESS) program. This role is responsible for leading security control assessments, validating system compliance, and ensuring the effectiveness of cybersecurity controls across federal information systems. The successful candidate will provide expert guidance on remediation and risk mitigation while supporting system authorization and reauthorization processes in alignment with the ESS Performance Work Statement (PWS).
Responsibilities
Security Assessment & Validation
Serve as the lead assessor for evaluating the implementation and effectiveness of security controls.
Conduct security control assessments in alignment with NIST SP 800-53 and the Risk Management Framework (RMF).
Perform vulnerability assessments, penetration testing, and risk analysis to validate system security posture.
Support preparation of systems for Authorization to Operate (ATO) and Authorization to Connect (ATC).
Documentation & Compliance
Develop, review, and validate Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and associated risk documentation.
Support the development, maintenance, and tracking of Plans of Action and Milestones (POA&Ms).
Ensure assessment activities meet compliance standards and federal cybersecurity requirements.
Present assessment findings, risks, and recommendations to senior leadership and government stakeholders.
Expertise & Mentorship
Provide subject matter expertise and remediation guidance to system owners, ISSOs, and engineers.
Mentor and guide junior assessors and security staff to strengthen organizational capability.
Contribute to the adoption of best practices in assessment and authorization processes.
Required Experience
10+ years of cybersecurity experience, including at least 5 years in security assessment roles.
Demonstrated expertise with NIST SP 800-53, RMF, FISMA, and other federal cybersecurity frameworks.
Proven experience leading security control assessments, audits, and inspections for federal systems.
Proficiency with vulnerability management tools, penetration testing, and continuous monitoring.
Strong skills in risk management, analysis, and technical writing.
Education & Certifications
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.
Relevant advanced cybersecurity certifications (e.g., CISSP, CAP, CISA, CISM, or equivalent).
Master's degree preferred.
Clearance Requirement
Active Public Trust clearance required.