Cybersecurity Assessor (CMMC)

About Vaultes

Vaultes is a rapidly growing cybersecurity and digital services company headquartered in the Washington DC metro area. Serving customers across the Federal government and commercial sectors, we use our broad experience and deep technical expertise to implement customized solutions that enable mission achievement and secure the world through technology. 

FAST: The Vaultes Way

F – Frictionless Collaboration: We lead with humility and are easy to work with. Our ego-less, one-team mindset keeps progress moving.

A – Accountable & Adaptable: We do what we say we will and own our outcomes. Rooted in a growth mindset, we flex with change and stay aligned to mission needs.

S – Secure by Design: We protect what matters most. Security and integrity guide our decisions, ensuring resilience and confidence for our clients and partners.

T – Trusted Partners: We work side by side with clients and colleagues, earning trust through accountability, openness, and shared success.

About the role

As a member of our dynamic tech team, you will work collaboratively with team members and key stakeholders to engage in various aspects of cybersecurity assessments for clients. Your dedication for excellent customer service is paralleled by your subject matter expertise. The ideal candidate is not only qualified for the role and passionate about cybersecurity but is also enthusiastic about growing alongside our company.

Responsibilities

• Conduct security control assessments for commercial and government customers to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within a system boundary. 
• Develop, document and review System Rules of Engagement (ROE), Security Assessment Plans (SAPs) and Security Assessment Reports (SARs).
• Conduct kick-off meetings, develop associated schedules and resource plans to complete the assessments.
• Responsible for quality control on the assessment and associated deliverables.
• Develop practical and risk-based approaches for security control implementation and vulnerability remediation.
• Review and provide feedback system boundaries, common controls, the security categorization of information systems, applicable security control baseline based on system categorization.
• Review cyber/system/network security body of evidence and documentation for accuracy and completeness.
• Lead Post Assessment Meetings with the customer.
• Provide Plan of Action and Milestones (POA&M) support to ensure mitigations are completed or the teams are working to mitigate all vulnerabilities in a timely fashion and within customer policy timelines.
• Perform continuous monitoring to ensure implemented security controls remain functional throughout the lifecycle of the information system.
• Perform other duties as assigned. 

Qualifications

• Must be a US Citizen
• Must be able to obtain and maintain favorable suitability determination by the CyberAB
• BS/BA degree in Information Technology or related Cybersecurity field
• 5+ years of auditing and/or assessment experience
• Thorough knowledge of cloud environments (services/security)
• Strong background working with NIST 800-171 and/or NIST 800-53
• Must have an active CCP certification listed in the CMMC Marketplace
• Must have at least the following industry certifications for CCP
• CompTIA Security + (Sec+)
• Must have at least one of the following industry certifications for CCA
• Certified Information System Security Professional (CISSP)
• CompTIA Advanced Security Practitioner (CASP+ CE), Security X
• CompTIA Cybersecurity Analyst (CySA+)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Cloud Security Professional (CCSP)
• Mile Two Certified or Certified Information Systems Security Officer (C|CISSO)

Perks and Benefits

Paid time off 

Paid holidays

Work-from-home opportunities

401k with matching incentive

Competitive Medical/dental/vision benefits

Company provided life insurance

Company provided short-term disability

Physical Requirements

Prolonged periods sitting at a desk and working on a computer.

Capable of operating a computer and other office productivity machinery, and frequently communicate with co-workers, management, and customers.

Vaultes provides equal employment opportunities to all employees and applicants for employment without regard to race, color, creed, ancestry, national origin, citizenship, sex or gender (including pregnancy, childbirth, and pregnancy-related conditions), gender identity or expression (including transgender status), sexual orientation, marital status, religion, age, disability, genetic information, service in the military, or any other characteristic protected by applicable federal, state, or local laws and ordinances.