Technical Security Assessor

Who we are:

ShorePoint is a fast-growing, industry recognized, and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a “work hard, play hard” mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion, and a focus on giving back to our community.

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 80% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement, etc.

Who we’re looking for:

We are seeking a Technical Security Assessorwho has experience providing support in a dynamic, fast-paced environment within the public sector. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the cybersecurity market. The Technical Security Assessor will have the opportunity to be exposed to all aspects of support to a federal client and will be encouraged to grow as the organization expands.

What you’ll be doing:

The Technical Security Assessor will serve as the lead for all assigned client security control assessments. The candidate will be responsible for the performance of security control assessment planning and execution in compliance with client policies and procedures with minimal supervision. The candidate will be required to conduct walkthroughs of the systems being assessed without dedicated engineering support to collect all required artifacts to support assessment findings. The candidate will be required to assess all layers of the technology stack including but not limited to: operating systems, network equipment, appliances, cloud service providers, applications, tools (AV/AM, endpoint security, etc) and CI/CD pipelines. The candidate will be responsible for developing all required assessment deliverables (including the Security Assessment Report, filling out all test cases, and updating the POA&M documents). The candidate must have had prior experience working with a wide variety of technologies, be well versed in the current state of Information Security and be able to interpret the requirements of relevant governing bodies (NIST, OMB, GAO, etc). The candidate will be required to interface with federal employees and contractors to perform the required activities. Additionally, the candidate will be responsible for assisting in the presentation of the security control assessment status reports and findings to the client. The ideal candidate will have prior experience performing similar work for a federal client, including strategic planning, solution development, FISMA assessments, and technical background.

What you need to know:

• Information technology reviewing, consulting, and advising experience
• Ability to rapidly and effectively research new technologies and apply NIST assessment methods to those technologies
• Knowledge and practical understanding of NIST SP 800 series
• Demonstrated experience independently leading and managing assessments projects with the ability to multi-task, prioritize and work towards strict deadlines
• Previous experience with scanning tools: Nessus, SIH, AppDetective, WebInspect.
• Expert skills in assessment techniques and practices

Must have’s:

• Must have hands-on technology experience (Engineering, Development, or Operations)
• Technical Writing experience
• Excellent interpersonal, interviewing, analytical and problem-solving skills to address variable situations
• General knowledge of industry security requirements, standards, and best practices
• Strong written and verbal communication skills with the ability to read and analyze data effectively to write cogent reports on assessment findings with sound recommendations
• Good human relations, communication, supervisory and time management skills
• Ability to obtain agency required clearance
• A writing sample must be submitted and will be provided as part of the application process

Beneficial to have the following:

• Security Professional Certifications are preferred (CISSP, CISM, CISA, CRISC, CAP, CEH

Where it’s done:

• Herndon, VA or Remote