Security Controls Assessor

Make a difference here.

UltraViolet Cyber is a leading platform-enabled unified security operations company providing a comprehensive suite of security operations solutions. Founded and operated by security practitioners with decades of experience, the UltraViolet Cyber security-as-code platform combines technology innovation and human expertise to make advanced real-time cybersecurity accessible for all organizations by eliminating risks of separate red and blue teams.

By creating continuously optimized identification, detection, and resilience from today’s dynamic threat landscape, UltraViolet Cyber provides both managed and custom-tailored unified security operations solutions to the Fortune 500, Federal Government, and Commercial clients. UltraViolet Cyber is headquartered in McLean, Virginia, with global offices across the U.S. and in India.

UltraViolet Cyber is seeking an IT specialist or tenured cybersecurity professional to be part of our team as a Security Control Assessor (SCA) to support one of our premier customers in Portland, OR. This person will perform assignments associated with the Information Security (INFOSEC) specialty area to plan and carry out difficult and complex INFOSEC assignments. This role supports risk management activities by identifying control deficiencies, recommending remediation strategies, and validating corrective actions.

This role will require onsite presence in NE Portland, OR, and new hires will require obtaining security clearance and drug testing completion.

What You'll Do::
• Conduct independent assessments of security controls in accordance with NIST, federal, and/or organizational frameworks.
• Develop Security Assessment Plans (SAPs) and Security Assessment Reports (SARs).
• Evaluate management, operational, and technical controls for effectiveness.
• Perform documentation reviews, technical testing, and interviews with system stakeholders.
• Validate remediation efforts and perform reassessments as needed.
• Identify security gaps and provide risk-based recommendations.
• Document findings, risk determinations, and supporting evidence.
• Coordinate with system owners, ISSOs, engineers, and compliance teams.
• Support audit readiness and regulatory inspections.
• Maintain assessment artifacts in governance, risk, and compliance (GRC) tools.
• Provide advisory support on control implementation and best practices.
• Develop / draft and recommend to management - approved testing plans; report results and recommendations.
• Collect metrics on control testing activities; verify processes are clearly documented for all control assessors to follow.
• Perform risk assessments and execute tests of data processing system to confirm functioning of data processing activities and security measures.
• Validate and document appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure.
• Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
• Train users and promote security awareness to verify system security and to improve server and network efficiency.

What You've Have::
• US Citizenship is Required
• Ability to obtain security clearance
• Bachelor’s Degree in a related field plus additional related college courses or professional training
• 3+ years of directly related experience required
• Knowledge of RMF process, NIST 800-53 and associated security controls
• Must be a team player capable of multitasking and working several complex and diverse tasks with simultaneous or near simultaneous deadlines
• Possess developed communication skills and the ability to express thoughts and ideas clearly and concisely; employ technical writing techniques
• Additional Requirements:
• The ideal candidate will use judgment, initiative, and resourcefulness in deviating from established methods to modify, adapt, and/or refine broader guidelines to resolve specific complex and/or intricate issues and problems; treat specific issues or problems; research trends and patterns; develop new standards, criteria, methods, and techniques; and propose new policies and practices.

What We Offer::
• 401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed
• Medical, Dental, and Vision insurance (available on the 1st day of the month following your first day of employment)
• Group Term Life, Short-Term Disability, and Long-Term Disability
• Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness
• Participation in the Discretionary Time Off (DTO) Program
• 11 Paid Holidays Annually

UltraViolet Cyber maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect our company's differing products, services, industries and lines of business. Candidates are typically placed into the range based on the preceding factors.

We sincerely thank all applicants in advance for submitting their interest in this position. We know your time is valuable.

UltraViolet Cyber welcomes and encourages diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability, or veteran status.

If you want to make an impact, UltraViolet Cyber is the place for you!