At 38North, we're not just another federal contracting firm. We're the disruptors, the innovators, and the bold thinkers who are breaking the mold. We're on a mission to transform the way security assessments are done for federal IT environments, infusing every project with creativity, excellence, and a touch of rule-breaking spirit. If you want to join a team that thrives on pushing boundaries, this is your moment.
About the Role:
We're looking for mid-level security assessors to support our increasing portfolio of federal customers. You'll need in-depth expertise in federal information system security policy, industry best practices, security control assessments, and all things RMF. Expect to evaluate the security posture of several federal systems supporting critical government functions.
What You'll Be Doing:
Independent Assessments: Dive into federal IT environments, be it on-premises or cloud (IaaS, PaaS, SaaS), conducting thorough, no-nonsense security assessments.
Leading the Charge: Run assessment meetings with confidence and clarity, ensuring we're always a step ahead.
Control Assessments: Put your skills to the test by evaluating security controls documented in System Security Plans (SSPs).
Risk Evaluation: Perform risk assessments based on your findings, providing actionable insights that improve security postures.
Documentation Mastery: Craft Security Assessment Reports (SARs), develop POA&Ms, and prepare concise Executive Summaries that make an impact.
What We're Looking For:
5+ years of experience in independent security assessments.
A 4-year degree in business or engineering from an accredited institution.
At least 2 years of FISMA experience.
Bonus Points: Federal IT security assessment experience (highly recommended).
What You Bring to the Table:
Technical Skills:
RMF & NIST Expertise: Strong knowledge and application of the Risk Management Framework and NIST Cybersecurity Framework.
CSAM Proficiency: Experience using CSAM in an RMF Assessor role.
NIST SP Knowledge: Solid understanding of SP 800-53, SP 800-137, SP 800-171, and SP 800-37, plus experience with FedRAMP.
Cloud & Local Environments: Skilled at assessing systems following federal guidelines and best practices.
Collaboration Skills: Work at a technical level with developers, engineers, and managers on complex system teams.
Networking Know-How: Knowledge of networking concepts, protocols, and security methodologies.
Risk Management Acumen: Familiar with risk assessment and mitigation tools and methods.
Regulatory Awareness: Understanding of laws, regulations, and policies related to cybersecurity in federal environments.
Threat Intelligence: Knowledge of current and historical cybersecurity threats and vulnerabilities.
Professional Skills:
Master Multitasker: Expert at juggling multiple priorities and ensuring all deadlines and milestones are met.
Clear Communicator: Articulate and precise in written and verbal communication with system teams and leadership.
Self-Starter: Take initiative and work independently without needing constant oversight.
Team Player: Collaborate effectively within a diverse, integrated team environment.
Why 38North?
Because we're redefining what a federal contractor can be. We value expertise, foster a culture of innovation, and thrive on delivering unmatched solutions for our clients. If you're a cybersecurity expert who's ready to break free from the ordinary and join a forward-thinking team, we want to hear from you.