Arch Systems
  • Woodlawn, MD, USA
  • Full Time

Job Summary:

Arch Systems currently has an opening for a NIST Assessment and Authorization Assessor focusing primarily on application security. The position will be part of an assessment team that is responsible for assuring the implementation of the Centers of Medicare & Medicaid Services (CMS) security controls for all systems.

Job duties/responsibilities:

  • Perform web application(s) and database scanning services on a regular basis.
  • Analyzes and reviews application, system, and database security posture through active scanning, application-layer protocol fingerprinting or traffic analysis.
  • Executing test plans and test scripts per requirements.
  • Assess security controls for various systems.
  • Assess application security to close findings or test vulnerabilities (utilizing burp suite).
  • Assist in process improvement and automation for the assessment methodology.
  • Conduct evaluations of information system components, management, and design, focusing on information security aspects and accreditation according to the NIST Risk Management Framework.
  • Utilize various information system inspection tools to audit systems, analyze potential vulnerabilities and identify mitigation approaches.
  • Review program documentation such as Risk Assessments, Security Plans, and System Design Documentation.
  • Conduct ongoing assessments of contractor facilities as needed to ensure compliance with security requirements tailoring requirements, as needed.
  • Create and submit deliverables accurately and on time.
  • Other project support, as needed.
  • Minimum Qualifications: (Minimum knowledge, skills, and abilities to perform the job)
  • 5 years of experience with application testing, a degree is preferred and may be substituted for some years of experience but not all.
  • Application penetration testing tool experience (e.g. burp suite, Core, ZAP).
  • Knowledge of the OWASP Top 10.
  • Understanding of the operation of relational and noSQL data base systems (Oracle, My SQL, MapReduce, etc.).
  • Experience in Unix/Linux, Windows systems.
  • Understanding of network-based protection systems.
  • Understanding of information management and protection systems (AV, Patch management, etc.).
  • Understanding of System Security design (3-zone, partitioning, etc.).
  • Understanding of application development methods (Dev/Ops specifically).
  • Understanding of systems hardening methods and standards (GPOs, STIGS, etc.).
  • Candidate must be a great communicator (both written and verbal) and be able to work with a group as well as independently.
  • Must be available/able to travel up to 25% of the time.
  • Report writing experience.
  • Experience with program security and information systems security best practices.
  • Ideal candidate will be self-motivated, organized, and detail oriented.
  • GXPN, GPEN, KLCP, CEH, or equivalent certifications.

Desired Qualifications: (desired experience, education, and training)

  • Experience in Federal security certification and accreditation.
  • Understanding of NIST 800-53 policies and implementation.
  • Experience with HIPAA and the Centers for Medicare and Medicaid (CMS).
  • Familiarity with applicable HHS and CMS policies, procedures and operating instructions related to program security, information assurance and information management.


About Arch Systems:

Arch Systems is an established, high growth IT-services Company serving many of the major U.S. government agencies. Our professionals passionately conceive, analyze, develop, and implement optimal solutions for your most challenging business and technology needs. Arch is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected veteran status, or any other characteristic protected by law.

Arch Systems
  • Apply Now

    with our quick 3 minute Application!

  • * Fields Are Required

    What is your full name?

    How can we contact you?

    I agree to ApplicantPro's Applicant Information Use Policy.*
  • Sign Up For Job Alerts!

  • Share This Page
  • Facebook Twitter LinkedIn Email
logo Home About Careers Sectors Services News Contact