Job Description
Job Description
cFocus Software is seeking a highly skilled Subject Matter Expert (SME) – Security Control Assessor (SCA) to support the Enterprise Security Services (ESS) program. This role is responsible for leading security control assessments, validating system compliance, and ensuring the effectiveness of cybersecurity controls across federal information systems. The successful candidate will provide expert guidance on remediation and risk mitigation while supporting system authorization and reauthorization processes in alignment with the ESS Performance Work Statement (PWS).
ResponsibilitiesSecurity Assessment & Validation
-
Serve as the lead assessor for evaluating the implementation and effectiveness of security controls.
-
Conduct security control assessments in alignment with NIST SP 800-53 and the Risk Management Framework (RMF).
-
Perform vulnerability assessments, penetration testing, and risk analysis to validate system security posture.
-
Support preparation of systems for Authorization to Operate (ATO) and Authorization to Connect (ATC).
Documentation & Compliance
-
Develop, review, and validate Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and associated risk documentation.
-
Support the development, maintenance, and tracking of Plans of Action and Milestones (POA&Ms).
-
Ensure assessment activities meet compliance standards and federal cybersecurity requirements.
-
Present assessment findings, risks, and recommendations to senior leadership and government stakeholders.
Expertise & Mentorship
-
Provide subject matter expertise and remediation guidance to system owners, ISSOs, and engineers.
-
Mentor and guide junior assessors and security staff to strengthen organizational capability.
-
Contribute to the adoption of best practices in assessment and authorization processes.
Required Experience
-
10+ years of cybersecurity experience, including at least 5 years in security assessment roles.
-
Demonstrated expertise with NIST SP 800-53, RMF, FISMA, and other federal cybersecurity frameworks.
-
Proven experience leading security control assessments, audits, and inspections for federal systems.
-
Proficiency with vulnerability management tools, penetration testing, and continuous monitoring.
-
Strong skills in risk management, analysis, and technical writing.
Education & Certifications
-
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
-
Relevant advanced cybersecurity certifications (e.g., CISSP, CAP, CISA, CISM, or equivalent).
-
Master’s degree preferred.
Clearance Requirement
-
Active Public Trust clearance required.
Powered by JazzHR
RAr5gppQ9O