Looking for challenging work with customer impact? Join Veris Group, an industry-leading, award-winning cybersecurity company. We employ the most talented industry professionals to respond to our customers’ most complex cyber challenges. Our rapid growth has been the result of an exciting entrepreneurial culture and attention to customer service. Take the next step to advance your career.
Veris Group, LLC has an immediate opening for a Senior Technical Assessment Lead to join our rapidly growing Security Assessment Services (SAS) team. The SAS team is a highly technical team of assessors that focuses on complex cloud assessments to meet FedRAMP, FISMA and DISA cloud security standards. The position requires a strong understanding of security-related system controls and an understanding of the various testing methods utilized to ascertain the effectiveness of those controls. The candidate should have a background leading small teams and running projects from planning, through execution and delivery of final results to multiple tiers of customer stakeholders. This person will be assigned technical sections and be able to provide client-ready deliverables.
Ability to drive a customer through the full assessment lifecycle, including planning and scoping the assessment, leading a team to execute the assessment, and communicating results through both written and oral communications. This person should have a strong understanding of NIST 800-30, 800-37 rev 1, and 800-53 rev 4, including the ability to communicate the objectives to technical and non-technical customers.
- Facilitate Security Control Assessment (SCA) and possibly other advanced-level Continuous Monitoring Activities within cloud-based environments.
- To be considered for this position, the candidate must be available to work in Northern Virginia (McLean or Sterling) and travel on occasion (25% of the time). A government background investigation is required.
- Execute examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4.
- Ensure cyber security policies are adhered to and that required controls are implemented.
- Validate respective information system security plans to ensure NIST control requirements are met.
- Develop resultant SCA documentation, including but not limited to the Security Assessment Report.
- Author recommendations associated with your findings on how to improve the customer’s security posture in accordance with NIST controls.
- Ability to lead complex cloud assessments independently
- Candidate must have solid knowledge of information security principles and practices, as well as an advanced understanding of security protocols and standards.
- Candidate must have led teams of assessors through large complex system assessments to meet FISMA or FedRAMP compliance guidelines.
- Candidate must have at least four (4) years of experience in the IT industry, and be familiar with the applicable NIST Special Publications 800-37 Revision 1, 800-53 Revision 4, and 800-53A Revision 4.
- Experience reviewing Nessus output is a plus, along with basic knowledge of networking components and various operating systems in a cloud environment, including UNIX and Microsoft.
- Candidate must have the ability to work independently and as part of a team
- Preferred that the candidate has a CISSP, CISA, PMP and/or Security+ certification, but it is not required
- Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements is a plus
- Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
- Collaborate on multiple projects at a given time
- Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change