By Light Professional IT Services

Risk Management Framework/Security Control Assessor

Job Locations US-VA-Vienna
Posted Date 2 months ago (1/22/2020 4:31 PM)
# of Openings
Information Technology


Phacil, a By Light company, is hiring an RMF Security Control Assessor to join our team. This is a hands-on Risk Management Framework Security Assessor position requiring intermediate knowledge of security configurations for Windows Server 2012/2016, Red Hat Linux, VMware, SQL Server, and Oracle, as well as other administrative and security aspects of workstation and enterprise server technology.


  • Support the security assessment of globally deployed departmental systems through hands-on execution of customer-supplied tools and best-practice techniques, including manual and automated verification scans against defined component baselines.
  • Assist with determining the security and configuration status of a variety of system components, including Linux and Windows operating systems, SQL Server and Oracle databases, system support components, and VMware implementations. There are occasional “one-off” components requiring development of baseline security configurations, so technical curiosity and a desire to learn and innovate are beneficial.
  • For Assessment & Authorization purposes, validate the components and configurations of departmental systems deployed both globally and domestically.
  • Identify misconfigurations, non-compliances, and anomalies which are relevant to FISMA assessment practices.
  • Coordinate system assessment and findings with the Security Analyst for inclusion in the Security Assessment Report, and participate in findings meetings with relevant system stakeholders.
  • Using the NIST Risk Management Framework and the NIST 800-53 security control catalog, map system and configuration anomalies to specific NIST security controls, along with specific recommended remediation.
  • Write accurate, cogent and defensible descriptions of security configuration status as well as succinct and defensible suggested remediation.

Required Experience/Qualifications

  • 3-5 years of experience
  • Linux and Windows Server environment familiarity
  • NOC, SOC, operations, data center, configuration management, or similar related experience
  • NIST and Risk Management Framework (RMF) familiarity and use

Preferred Experience/Qualifications

  • Prior Department of State experience
  • Application security principles and experience
  • Prior NOC, SOC, operations, data center or similar experience
  • Knowledge of cloud migrations/assessments or PKI-DAR (data at rest), or general services support typical of completing RMF type assessments

Special Requirements/Security Clearance

  • DoD Top Secret clearance required

