Cloud Security Assessor - Expert
Company: Guidehouse
Location: Reston
Posted on: June 24, 2025
|
|
|
Job Description:
Job Description Job Family: Technology Consulting Travel
Required: Up to 25% Clearance Required: Active Top Secret SCI with
Polygraph What You Will Do: The SCA advises key stakeholders, such
as the Program Office, Data Owner, and Authorizing
Official/Delegated Authorizing Official, concerning the security
categorization and impact levels for confidentiality, integrity,
and availability of the information on a system. The SCA conducts a
comprehensive assessment of the security controls employed within
or inherited by an Information System (IS) to determine their
overall effectiveness and submit the Body of Evidence (BoE),
composed of the System Security Plan (SSP), Security Assessment
Report (SAR), Plan of Action and Milestones (POA&M), and draft
Authorization to Operate (ATO) Letter, to the Authorizing Official
(AO) or Delegated Authorizing Official (DAO) for review and
authorization decision. This role is responsible for supporting RMF
assessment efforts. As an expert Security Controls Assessor with
expertise in cloud infrastructure possesses specialized skills in
evaluating the security controls of systems hosted in cloud
environments. Their technical functions encompass a range of tasks
aimed minimizing risk while also ensuring the integrity,
confidentiality, and availability of data within the domain. Here
are the technical functions typically associated with this role: -
Support the Assessment and Authorization (A&A) Risk Management
Framework (RMF) for client-managed systems, networks, and enclaves
across security domains. - Validate and review security
documentation, ensuring accuracy and compliance with regulatory
standards. - Advise ISSOs on security categorization and control
selection (RMF Steps 1 and 2) and conduct Technical Exchange
Meetings (TEMs) with security professionals. - Develop test
reports, assessment artifacts, and Plan of Action and Milestones
(POA&Ms) to document findings and oversee resolution efforts. -
Perform Security Test and Evaluation (ST&E) assessments,
ensuring compliance with DoDIIS security standards. - Review system
specifications, security needs, and vulnerabilities. - Develop
security assessment documentation, including System Security Plan
(SSP), Security Assessment Report (SAR), and draft Authorization to
Operate (ATO) letters. - Conduct security assessments using
automated tools and manual techniques to evaluate vulnerabilities
across domains such as access control, cryptography, network
security, and incident response. - Perform vulnerability scans,
analyze findings, and recommend remediation strategies. - Conduct
penetration testing, web application security testing, wireless
network assessments, and social engineering exercises. - Validate
security configurations for compliance with policies and industry
best practices. - Assess regulatory compliance (e.g., GDPR, HIPAA,
PCI DSS, SOX) and develop risk mitigation strategies. - Prepare
detailed assessment reports and communicate findings to
stakeholders. - Contribute to continuous improvement initiatives
for security assessment methodologies and tools. - Share
cybersecurity knowledge through training, mentoring, and staying
updated on emerging threats and trends. - Develop and implement
automated security assessment and monitoring solutions. - Design
and maintain security architectures for cloud and on-premise
systems. - Perform secure code reviews and static/dynamic
application security testing (SAST/DAST). - Support security
engineering efforts in implementing security controls and
integrating security solutions within enterprise environments. -
Conduct forensic analysis and incident response investigations to
identify and mitigate security threats. - Develop security
automation scripts and tools to streamline security assessment
processes. What You Will Need: - An ACTIVE and MAINTAINED TOP
SECRET/SCI federal security clearance with a Counterintelligence
(CI) polygraph - Bachelor's degree - Certification in DoD 8570.01-M
Cybersecurity workforce, compliance with DoD Directive 8140
Cyberspace Workforce Management, and IAT Level III (CASP CE, CCNP
Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP). - FIVE (5)
or more years' experience cybersecurity What Would Be Nice To Have:
- Focus on the consistent execution and updating of organizational
processes and procedures to drive SCA efforts. - Preferred
experience with briefing Senior Executive personnel. - Solid
experience conducting cyber security assessment of complex cloud
systems. - Solid experience with technologies such as Cloud, Data
Encryption, Data Storage. - Have a good understanding of the
Intelligence Community (IC) and DIA. - Have solid knowledge of
networking technologies and protocols. - Have solid knowledge of
NIST Risk Management Framework, DoD, IC Cyber Security controls for
Cross Domain Solutions. What We Offer: Guidehouse offers a
comprehensive, total rewards package that includes competitive
compensation and a flexible benefits package that reflects our
commitment to creating a diverse and supportive workplace. Benefits
include: - Medical, Rx, Dental & Vision Insurance - Personal and
Family Sick Time & Company Paid Holidays - Position may be eligible
for a discretionary variable incentive bonus - Parental Leave and
Adoption Assistance - 401(k) Retirement Plan - Basic Life &
Supplemental Life - Health Savings Account, Dental/Vision &
Dependent Care Flexible Spending Accounts - Short-Term & Long-Term
Disability - Student Loan PayDown - Tuition Reimbursement, Personal
Development & Learning Opportunities - Skills Development &
Certifications - Employee Referral Program - Corporate Sponsored
Events & Community Outreach - Emergency Back-Up Childcare Program -
Mobility Stipend About Guidehouse Guidehouse is an Equal
Opportunity Employer–Protected Veterans, Individuals with
Disabilities or any other basis protected by law, ordinance, or
regulation. Guidehouse will consider for employment qualified
applicants with criminal histories in a manner consistent with the
requirements of applicable law or ordinance including the Fair
Chance Ordinance of Los Angeles and San Francisco. If you have
visited our website for information about employment opportunities,
or to apply for a position, and you require an accommodation,
please contact Guidehouse Recruiting at 1-571-633-1711 or via email
at RecruitingAccommodation@guidehouse.com. All information you
provide will be kept confidential and will be used only to the
extent required to provide needed reasonable accommodation. All
communication regarding recruitment for a Guidehouse position will
be sent from Guidehouse email domains including @guidehouse.com or
guidehouse@myworkday.com. Correspondence received by an applicant
from any other domain should be considered unauthorized and will
not be honored by Guidehouse. Note that Guidehouse will never
charge a fee or require a money transfer at any stage of the
recruitment process and does not collect fees from educational
institutions for participation in a recruitment event. Never
provide your banking information to a third party purporting to
need that information to proceed in the hiring process. If any
person or organization demands money related to a job opportunity
with Guidehouse, please report the matter to Guidehouse’s Ethics
Hotline. If you want to check the validity of correspondence you
have received, please contact recruiting@guidehouse.com. Guidehouse
is not responsible for losses incurred (monetary or otherwise) from
an applicant’s dealings with unauthorized third parties. Guidehouse
does not accept unsolicited resumes through or from search firms or
staffing agencies. All unsolicited resumes will be considered the
property of Guidehouse and Guidehouse will not be obligated to pay
a placement fee.
Keywords: Guidehouse, Bel Air South , Cloud Security Assessor - Expert, IT / Software / Systems , Reston, Maryland
