The Opportunity:

Conduct independent security control testing and assessments of the management, operational, and technical security controls to determine the overall effectiveness of security controls, based on the NIST Risk Management Framework (RMF). Technically assess both major application and general support system security configurations and implementation using manual and automated test methods. Provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities. Develop and review SCA artifacts such as Security Assessment Plan (SAP), Security Assessment Reports (SAR) and System Security Plan (SSP).

You Have: