Security Control Assessor Subject Matter Expert
Remote Worker - N/A
Description

Role Overview

Ease Learning is seeking a qualified Subject Matter Expert (SME) with applied, real-world experience as a Security Control Assessor to participate in a skills assessment validation engagement. This is a short-term, contract, remote engagement in which the SME will complete a practitioner-level skills assessment and a brief post-assessment survey. This role does not involve teaching, instructional design, content creation, or ongoing advisory responsibilities.

Engagement Details

Engagement Type: Contract / 1099 – Short-term engagement

Location: Remote

Estimated Item Count: ~300

Estimated Time to Completion: Approximately 2–3 hours

Assessment Window: Work must be completed within a defined access window (typically 5 business days once access is granted)

Scope of Work

  • Complete a practitioner-level skills assessment used for validation and standard-setting purposes.
  • Complete a short post-assessment survey providing feedback on the assessment experience.

This role does not include:

  • Teaching or facilitation responsibilities
  • Instructional or curriculum design work
  • Content authoring or SME review of materials
  • Ongoing advisory or consulting responsibilities

Requirements

Required Expertise

The SME should be a current practitioner with applied, real-world experience related to the following knowledge areas and skills:

  • Develop methods to monitor and measure risk, compliance, and assurance efforts
  • Develop specifications ensuring risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements
  • Draft statements of preliminary or residual security risks for system operation
  • Maintain information systems assurance and accreditation materials
  • Monitor and evaluate system compliance with IT security, resilience, and dependability requirements
  • Conduct Privacy Impact Assessments (PIA) for appropriate security controls protecting PII
  • Perform validation steps comparing actual results with expected results and analyze differences
  • Plan and conduct security authorization reviews and assurance case development
  • Provide accurate technical evaluation of software, systems, or networks documenting security posture and vulnerabilities
  • Recommend new or revised security, resilience, and dependability measures based on review results
  • Verify application/network/system security postures are implemented as stated and document deviations
  • Develop security compliance processes and/or audits for external services (e.g., cloud providers, data centers)
  • Knowledge of computer networking concepts, protocols, and network security methodologies
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
  • Knowledge of cybersecurity principles, cyber threats, and vulnerabilities
  • Knowledge of cyber defense and vulnerability assessment tools, including open source tools
  • Knowledge of organization's evaluation and validation requirements
  • Knowledge of cybersecurity principles used to manage risks related to use, processing, storage, and transmission of data
  • Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins
  • Knowledge of IT security principles and methods (e.g., firewalls, DMZs, encryption)
  • Knowledge of current industry methods for evaluating and implementing IT security assessment and monitoring tools
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, XSS, SQL injection)
  • Skill in determining how a security system should work including resilience and dependability capabilities
  • Skill in discerning protection needs (security controls) of information systems and networks
  • Knowledge of network security architecture concepts including topology, protocols, components (e.g., defense-in-depth, Zero Trust)
  • Knowledge of relevant laws, policies, procedures related to critical infrastructure
  • Knowledge of risk assessments and authorization per Risk Management Framework processes
  • Knowledge of penetration testing principles, tools, and techniques
  • Knowledge of security architecture concepts and enterprise architecture reference models
  • Knowledge of security models (e.g., Bell-LaPadula, Biba, Clark-Wilson)

Ideal Candidate Profile

  • Active practitioner with hands-on experience in the Security Control Assessor role or closely related domains.
  • Practical, working knowledge of how the concepts listed above are applied in real professional settings.
  • Does not need to be an academic researcher or industry thought leader — applied experience is what matters.

Minimum Performance Expectation

Participants must demonstrate baseline practitioner competency by scoring above 50% on the assessment. This threshold is used solely to ensure valid practitioner-level participation and is not used for hiring, ranking, or performance evaluation.

Deliverables

  • Completed skills assessment within the defined access window.
  • Completed post-assessment survey.

Compensation

This is a flat-fee engagement, paid upon successful completion of the assessment and survey.