Thanks for checking out our job opening; we are excited that YOU are interested in learning more about NCC Group.

We are on a mission to make society a safer and more secure place. Our people are the ones who make that mission possible; a global community of talented individuals working together towards a safer future.

We aim to create an environment where everyone can reach their full potential. We work together, we are brilliantly creative, we embrace difference and we want you to help us in our mission, as an Associate Security Consultant for Government Services.

The Opportunity:

NCC Group is always looking for amazing people to join our team. Government Services supports clients in meeting their legal and regulatory compliance requirements specifically related to the U.S. Government. This role is for individuals with a few years of security consulting experience or those who can immediately contribute at an associate level.

The Challenge:

We are looking for people with:

• Experience with FedRAMP, StateRAMP, NIST 800-171 and NIST 800-53
• Demonstrated experience of four (4) areas of Technical Competency, and subject matter expertise in one or more areas
• Authored or assisted with final deliverable documentation for engagements
• Performed final review and QA on deliverables
• The ability to assist with medium to large complex projects and supervise contributing resources
• Developed and delivered complex reports related to regulatory compliance
• Presented findings and recommendations to technical and executive audiences

Essential Skills:

At NCC Group we are passionate about passionate people. We are looking for an individual who thrives in an ever-changing environment; someone who can work with multiple teams to get the job done and deliver great work.

Required Candidate Attributes/Skills:

• Minimum of 2 years of experience in professional services
• Minimum of 2 years of experience in a Government Services

Technical Competencies (included, but not limited to):

• Server/desktop operating systems (Windows, MacOSX, Linux, etc.)
• Office productivity tools; Word, Excel, and PowerPoint
• Data analytics; Access, MySQL, etc.
• Programming and/or scripting languages; Python, PowerShell, Linux shell scripting, etc.
• Compliance Assessment Standards
• FISMA/RMF for DoD IT
• FedRAMP
• CMMC/NIST SP 800-171
• Penetration Testing and Vulnerability Scanning of Government Systems per FedRAMP PMO/DoD Guidance, NIST SP 800-115, Cyber Essentials, OSSTM
• Physical Security Assessment to address FISMA, FedRAMP, DoD, CMMC and ISO/ISA requirements
• Risk Assessment per NIST SP 800-30 and SP 800-39
• Common Vulnerability Scoring System
• Third Party/Vendor Risk Assessment as per NIST SP 800-53 rev 5
• Security and Compliance Frameworks
• NIST FIPS, SPs, NISTIRs and other NIST publications
• ISO/IEC and ISA

Relevant Professional Certifications:

• Certificate of Cloud Auditing Knowledge (CCAK)
• GIAC Penetration Tester (GPEN)
• Licensed Penetration Tester (LPT)
• Certified Ethical Hacker (CEH)
• Certified Expert Pen Tester (CEPT)
• PenTest+
• OSCP Certificate of Cloud Security Knowledge (CCSK)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)

Personal Qualities

• High-level of professionalism, even in the midst of stressful engagements
• Outstanding attention to detail
• Self-motivated and a demonstrated self-starter
• Highly dependable; team player willing to perform any task necessary to help team succeed
• Ability to work on multiple projects concurrently