NIST 800-53 Security Assessor

velero • United States
Remote

Job Description

We are seeking an experienced NIST 800-53 Security Assessor to support a series of federal security authorization assessments. This role is responsible for evaluating system compliance against the NIST SP 800-53A Rev. 5 framework, executing control testing procedures, validating privacy protections, and producing formal assessment findings.

The assessor will work closely with system owners, engineers, and compliance stakeholders to determine the accuracy of documented security implementations and identify control gaps requiring remediation.


Key Responsibilities:

Audit Framework & Control Assessment

  • Perform security control assessments aligned to NIST SP 800-53A Rev. 5.
  • Design and execute assessment procedures using the three approved methods:
  1. Inspect
  2. Interview
  3. Test
  • Assess controls across all 20 ARC-AMPE control families.


Interview Execution

  • Conduct structured interviews with:
  1. Control owners
  2. System administrators
  3. Security engineers
  4. Compliance stakeholders
  • Validate implementation statements and operational practices.


Testing & Evidence Validation

  • Perform technical and administrative testing of implemented controls.
  • Review and validate artifacts including:
  1. System logs
  2. Configuration files
  3. Security tool outputs
  4. Policies and procedures
  • Confirm whether SSP implementation statements are factually accurate.


Excel-Based Evidence Mapping

  • Map evidence artifacts to control requirements.
  • Evaluate System Security Plan (SSP/SSPP) implementation narratives.
  • Track testing results and compliance status using structured workbooks.


Privacy Control Validation

  • Assess controls within the PT (PII Processing & Transparency) family.
  • Verify lawful processing, storage, and protection of beneficiary data.
  • Confirm compliance with data residency requirements, including offshore restrictions.


Findings Development & Reporting

  • Develop formal assessment findings for failed or partially implemented controls.
  • Document:
  1. Control deficiency
  2. Risk impact
  3. Likelihood and severity
  4. Recommended corrective actions (non-implementation advisory)
  • Contribute to final security assessment reports.


Required Qualifications

  • Minimum 5 years of direct experience assessing NIST 800-53 controls.
  • Hands-on expertise with NIST SP 800-53A Rev. 5 testing procedures.
  • Proven experience designing control assessment test cases.
  • Experience reviewing and validating System Security Plans (SSPs).
  • Strong background in evidence analysis and artifact review.
  • Experience conducting stakeholder interviews in audit environments.
  • Advanced proficiency in Excel for control and evidence mapping.


Preferred Qualifications

  • Experience supporting federal authorization programs (e.g., ATO-driven environments).
  • Familiarity with ARC-AMPE or similar control baselines.
  • Knowledge of privacy frameworks and PII handling requirements.
  • Relevant certifications such as:
  1. CISSP
  2. CISA
  3. CCSP
  4. Security+

Each engagement lasts 4–6 weeks.

Fully remote delivery with scheduled stakeholder sessions.

Deliverables

  • Completed control assessment workpapers.
  • Evidence mapping matrices.
  • Interview documentation.
  • Technical testing results.
  • Formal findings and risk statements.
  • Input to final Security Assessment Report (SAR).

If you are a detail-oriented security assessor with deep NIST expertise and experience executing federal-grade control assessments, we encourage you to apply.
