• Cloud Security Control Assessor

    Steampunk (Washington, DC)


    Overview

    **Steampunk**  wants you to be a  **Cloud** **Security Control Assessor** on our team to support a government customer. The primary responsibilities for the position are to support all security assessment activities that ensure risk within the system is maintained at an acceptable level. The nature of the work requires that the candidate demonstrates initiative, organization, responsibility, customer service skills, and the ability to be flexible and adaptive to a fast-paced, fluid business environment. The candidate must be able to communicate effectively and decisively with all levels of the organization and be able to solve practical problems as well as exercise sound judgement with regards to sensitive and confidential information.

     

    Contributions

    As a member of one of our assessment teams, you will play an important role in performing a wide array of cybersecurity duties including:

    + Lead security assessments in accordance with NIST SP 800-53, NIST RMF (SP 800-37), FedRAMP, and agency-specific guidance.

    + Evaluate technical, operational, and management controls across cloud, on-premises, and hybrid environments.

    + Develop Assessment Plans and Security Assessment Reports (SARs).

    + Coordinate with Information System Security Officers (ISSOs), System Owners, and authorization officials to review evidence and mitigate control deficiencies.

    + Analyze vulnerability scans, configuration baselines, and penetration test results to determine control effectiveness.

    + Provide technical recommendations to remediate weaknesses and strengthen security posture.

    + Maintain assessment documentation in compliance with organizational and federal standards (e.g., FISMA, FedRAMP).

    + Present findings and risk analysis to management and Authorization Officials (AOs).

    + Support continuous monitoring processes and control validation efforts for ongoing authorization.

    Qualifications

    + Bachelor's Degree and 5 years of relevant IT cybersecurity experience; OR

    + No degree with a total of ten (10) years of cybersecurity experience, including two (2) years of FISMA experience.

    + One of the following certifications (may be obtained within six (6) months of hire):

    + Certified Information System Security Professional (CISSP)

    + CompTIA Advanced Security Practitioner (CASP)

    + Certified Information Systems Auditor (CISA)

    + Certified Information Security Manager (CISM)

    + Familiarity with one or more: DHS Directive 4300A and NIST Special Pubs 800-30, 800-37, 800-39, 800-53, 800-60.

    + Strong understanding of NIST SP 800-53 controls, FIPS publications 199 and 200, and cybersecurity compliance standards.

    + Hands-on experience reviewing security control artifacts related to the NIST SP 800-53 controls.

    + Proficiency with assessment tools (e.g., Nessus, Splunk, Tenable.SC, SCAP scanners).

    + Direct experience providing independent evaluations for system authorization packages, including in cloud environments (AWS, Azure, etc.).

    + Analytical skills to interpret vulnerabilities, compliance gaps, and potential threats in diverse systems.

    + Understands the difference between cloud and non-cloud security control baselines.

    Preferred Qualifications:

    + Experience as an Information System Security Officer (ISSO).

    + Experience with Vulnerability, Configuration, and Asset Management tools in support of Continuous Monitoring.

    + Excellent analytical, written, and verbal communication skills.

    + Strong attention to detail in preparing federal security documentation.

    + Experience with:

    + POA&M management

    + Performing Security Authorization

    + Performing Risk Analysis and Assessment

    + CSAM or similar toolGRC tool

    Preferred Skills:

    + Experience providing ISSO support to DHS

    + Experience supporting systems hosted in Cloud environments.

    + Experience supporting systems in Agile and DevOps environments

     

    About** **steampunk

     

    Steampunk relies on several factors to determine salary, including but not limited to geographic location, contractual requirements, education, knowledge, skills, competencies, and experience. The projected compensation range for this position is $115,000 to $165,000. The estimate displayed represents a typical annual salary range for this position. Annual salary is just one aspect of Steampunk’s total compensation package for employees. Learn more about additional Steampunk benefits here.

     

    Identity Statement

     

    As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

     

    Steampunk is a **Change Agent** in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our **Human-Centered delivery methodology** , we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an **employee owned company** , we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com .

     

    Refer a Friend (https://careers-steampunk.icims.com/jobs/7205/cloud-security-control-assessor/job?mode=apply&apply=yes&in\_iframe=1&hashed=-336029103)

     

    Need help finding the right job?

     

    We can recommend jobs specifically for you!

     

    **Job Location** _US-DC-Washington_

    **Posted Date** _15 hours ago_ _(12/19/2025 9:54 AM)_

    **_Job ID_** _7205_

    **_Clearance Requirement_** _Public Trust_