
[Remote] Security Analyst (NIST 800-53 Specialist)

Remote, USA Full-time Posted 2025-11-24
Note: This is a remote job and is open to candidates in the USA.

Velero is seeking an experienced NIST 800-53 Security Assessor to support federal security authorization assessments. The role involves evaluating system compliance against the NIST SP 800-53A Rev. 5 framework, conducting control assessments, and producing formal assessment findings.

Responsibilities

• Perform security control assessments aligned to NIST SP 800-53A Rev. 5
• Design and execute assessment procedures using the three approved methods:
  1. Inspect
  2. Interview
  3. Test
• Assess controls across all 20 ARC-AMPE control families
• Conduct structured interviews with:
  1. Control owners
  2. System administrators
  3. Security engineers
  4. Compliance stakeholders
• Validate implementation statements and operational practices
• Perform technical and administrative testing of implemented controls
• Review and validate artifacts including:
  1. System logs
  2. Configuration files
  3. Security tool outputs
  4. Policies and procedures
• Confirm whether SSP implementation statements are factually accurate
• Map evidence artifacts to control requirements
• Evaluate System Security Plan (SSP/SSPP) implementation narratives
• Track testing results and compliance status using structured workbooks
• Assess controls within the PT (PII Processing & Transparency) family
• Verify lawful processing, storage, and protection of beneficiary data
• Confirm compliance with data residency requirements, including offshore restrictions
• Develop formal assessment findings for failed or partially implemented controls
• Document:
  1. Control deficiency
  2. Risk impact
  3. Likelihood and severity
  4. Recommended corrective actions (non-implementation advisory)
• Contribute to final security assessment reports

Skills

• Minimum 5 years of direct experience assessing NIST 800-53 controls
• Hands-on expertise with NIST SP 800-53A Rev. 5 testing procedures
• Proven experience designing control assessment test cases
• Experience reviewing and validating System Security Plans (SSPs)
• Strong background in evidence analysis and artifact review
• Experience conducting stakeholder interviews in audit environments
• Advanced proficiency in Excel for control and evidence mapping
• Experience supporting federal authorization programs (e.g., ATO-driven environments)
• Familiarity with ARC-AMPE or similar control baselines
• Knowledge of privacy frameworks and PII handling requirements
• Relevant certifications such as: CISSP, CISA, CCSP, Security+

Company Overview

• Velero is a premier cybersecurity and compliance consulting firm dedicated to providing comprehensive solutions that empower businesses to secure their digital assets and achieve compliance with confidence. It was founded in 2024 and is headquartered in Tampa, FL, US, with a workforce of 2-10 employees. Its website is https://velero.consulting/.
