
Job Summary

Knowledge Consulting Group
Richmond, VA 23221
Computer/IT Services
Job Type: Full Time
Years of Experience: 2+ to 5 Years
Education Level: Bachelor's Degree
Career Level: Experienced (Non-Manager)
Job Reference Code


About the Job

Knowledge Consulting Group (KCG) is one of the largest privately held cybersecurity services firms in the United States; serving as a Federal Government Contractor and supporting Commercial customers. We operate as a trusted cyber advisor to our customers across the country. We take great pride in maintaining a single focus on being the leader in cybersecurity services, providing risk management, governance, operations, and compliance services, utilizing our CISO framework methodology. We are uniquely positioned as a trusted cyber advisor with over 90 percent of our cyber professionals holding security clearances and security-specific certifications. With over 12 years of experience in providing cybersecurity services to our customers, we have a strong record of past performance in advising and executing cyber missions for all types of organizations and sectors.


Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Top Secret clearance is required with the ability to get SCI. 


Ensure that assigned information systems are operated, maintained and disposed of in accordance with approved security policies and practices.


Ensure that system security requirements are addressed during all phases of the IS lifecycle.


Develop and maintain the SSPs and all other system security documentation, reviewing and updating them at least annually for all assigned systems.


Author or coordinate the development of other required system security plans: Configuration management (CM), Contingency Plan (CP), Continuity of Operations (COOP), Disaster Recovery Plan (DR) and Incident Response Plan (IRP).

Support risk assessment and evaluation activities throughout the system's lifecycle.


Implement a strategy for continuous monitoring for assigned systems, including: establishing system audit trails and ensuring their review, reporting all identified security findings, and initiating the periodic review of security controls.


Request or conduct required information system vulnerability scans in accordance with established policy; develop system POA&Ms in response to reported vulnerabilities.


Ensure compliance with annual FISMA deliverables and reporting.


Investigate any information technology or system security incidents.


Assesses and mitigates system security threats/risks throughout the program life cycle; determines/analyzes and decomposes security requirements at the level of detail that can be implemented and tested; reviews and monitors security designs in hardware, software, data, and procedures; performs system certification and accreditation planning and testing and liaison activities; supports secure systems operations and maintenance.


Perform security engineering analysis, risk and vulnerability assessment, etc. Monitor and analyze security functional tests. Prepare C&A documentation such as SSP, SCONOPS, ST&E reports, etc.




Bachelor's degree from an accredited college with 7 years of professional experience. Must possess 5 years experience in IT Security.


CISSP is required.


Knowledge of information security engineering, design concepts and principles.


Knowledgeable about the Systems Development Lifecycle (SDLC) and continuous monitoring methodologies.


Extensive experience analyzing information technology and system risk in complex environments and articulating results (verbal/reports) to all levels of management.


Demonstrated experience conducting information system security controls assessments (SCAs) and applying standard auditing techniques during system security controls assessments, including the proper interpretation of the control requirements, determining if the artifacts provided are sufficient, and recommending remedial actions to the customer to ensure compliance.


Demonstrated experience writing information system security documentation (SSPs, POA&Ms, PTAs, PIAs, CMPs, CPs and IRPs).


Extensive knowledge and experience with information security standards, policies and practices - NIST (800-53 rev4), FISCAM, FISMA, DOD, DCID, FBI, etc.


Ability to research and address information security issues as required, being an authority on the subject.


Must be a team player with "can do" attitude. Must be able to work independently with initiative and innovation.


Well versed in using vulnerability assessment tools (NESSUS, AppDetective, etc.) and analyzing the reports generated from these assessments.


Proven ability to multi-task and deliver on-time with the highest quality.


Exceptional interpersonal, verbal, and written communication skills, with the ability to collaborate well across teams and organizations, including interactions with senior-level executives. Candidates must be fluent in the English language.

Strong verbal and written communication skills are highly preferred. It is highly desired that candidates possess strong interpersonal skills.


Candidates may be asked to provide a writing sample.


Knowledge Consulting Group is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, or disability status.

If interested in the position, please apply directly through our website:



If you have questions or have trouble applying, you may contact: katie.hanson@knowledgecg.com.


