Security Controls Assessor / OSCAL (Remote)

Company Overview: TestPros is a successful and growing business, established in 1988 to provide Information Technology (IT) technical support services to a wide range of Commercial and U.S. Federal, State, and Local Government customers. Our capabilities include Program Management, Program Oversight, Process Audit, Intelligence Analysis, Cyber Security, NIST 800-53, NIST SP 800-171 / CMMC Consulting/Assessment/Compliance, PCI Compliance, HIPAA, SOC 2, GLBA, Zero Trust, Resiliency, Computer Forensics, Software Supply Chain Assurance, Software Testing, Test Automation, Section 508 and WCAG Accessibility Assessment and Remediation, Localization Testing, Independent Verification and Validation (IV&V), Quality Assurance (QA), Compliance, and Research and Development (R&D) services. TestPros is an Equal Opportunity Employer. Position: Part time (as needed, 1099 or Corp. to Corp) Job Summary: The ideal candidate will have strong hands‑on experience conducting independent security control compliance assessments using guidelines from NIST (800-53, 800-171) and assessment automation via OSCAL (Open Security Controls Assessment Language). You must have security controls and OSCAL experience in both U.S. Government and Commercial environments. FedRAMP experience is a plus... Required Qualifications Proven OSCAL experience (at least two years) . 5+ years of hands‑on security controls assessment and development of Security Assessment Plan (SAP), Security Assessment Report (SAR) and Plan of Actions and Milestones (POA&M). Experience with RegScale, Paramify, or similar tools. Experience with government, public sector, or municipal IT environments is highly preferred. Ability to write clear, professional, and actionable technical reports. Full U.S. Citizenship, and ability to pass an extensive background check. Preferred Skills Experience with NIST 800-53 based ATO assessment, NIST 800-171/CMMC assessment, and/or HIPAA assessment. Ability to produce a set of interoperable, extensible, machine-readable formats that supports a broad range of control‑based risk management processes (XML-, JSON-, and YAML‑based formats that allow for lossless translations between XML, JSON, and YAML representations). Familiarity with U.S. Government security policy requirements. Experience coordinating with multi‑agency or cross‑organizational IT teams. Expertise with common tools such as Kali Linux, Burp Suite, Nmap, Metasploit, Nessus/Tenable, and Wireshark. Engagement Details Estimated Start: April 2026 Estimated Duration: TBD Work Location: Fully Remote Clearances: Not required, but government experience is a plus Benefits TestPros offers a competitive salary, medical/dental/vision insurance, life insurance, paid time off, paid holidays, 401(k) retirement plan with company match, opportunities for professional growth, cell phone discounts, and much more! All benefits are per TestPros current policies and are subject to change without notice. Benefits are available to full‑time employees. TestPros, Inc. is an Equal Opportunity Employer. EEO Statement All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, marital status, age, national origin, or protected veteran status. #J-18808-Ljbffr Testpros