Senior Security/Technical Risk Asssessor

Jefferson City, MO
Contracted
Experienced
 
 
         

We are a growing information technology company that offers its employees a culture of success, the chance to work on revolutionary federal IT infrastructure, and the opportunity to grow alongside cutting-edge technology that is reshaping the industry. We are seeking forward thinking candidates that have strong experience in operational support and can help take to the next level in a pro-active stance.
 
Chameleon Integrated Services has expertise in operations management, quality systems, data operations and cybersecurity. We secure some of the most sensitive data for the Department of Defense and for other U.S. federal government agencies. We are known for the great care we take with clients and employees, and we believe in promoting from within.
 
 
We offer a Full Benefits package including:
  • Competitive Employee Health Insurance options including dental
  • 100% company paid vision plan
  • 401K plan with generous company match and no vesting period
  • 100% company paid life insurance
  • 100% company paid long and short-term disability insurance
  • Training allowance
  • PTO and more
 
The Position:
 
Chameleon Integrated Services is currently looking for a Senior Security/Technical Risk Assessor to support one of our state level client in Jefferson City, MO.
 
This is a hybrid role that requires you to live within 50 miles of Jefferson City, MO.
 
Overview:
 
The Senior Security/Technical Risk Assessor will be responsible for performing advanced technical and analytical assessments of State of Missouri information systems, data exchanges, and network configurations supporting the MO HealthNet Division (MHD) and Information Technology Services Division (ITSD). Identify vulnerabilities, quantify risk exposure, and produce actionable mitigation recommendations. Work under the direction of the Project Manager/Lead Risk Assessment Manager to develop formal Security Assessment Reports (SARs), Risk Registers, and Mitigation Plans consistent with NIST and CMS MARS-E standards.


Responsibilities:
  • Conduct end-to-end technical vulnerability assessments and threat modeling for applications, databases, interfaces, and network segments supporting Medicaid operations.
  • Evaluate implemented controls against NIST SP 800-53, NIST SP 800-30, HIPAA Security Rule, CMS MARS-E, and ISO/IEC 27005 control baselines.
  • Execute authenticated and unauthenticated scans using authorized tools such as Tenable Nessus, ACAS, Qualys, or comparable platforms; analyze results for exploitability, configuration drift, and residual risk.
  • Assess hybrid infrastructures (on-premises, Azure Gov, AWS GovCloud, vendor-hosted) for compliance with FedRAMP and state security policy.
  • Develop and maintain risk documentation packages, including Security Assessment Plans (SAPs), SARs, and detailed POA&M entries.
  • Recommend technical, administrative, and procedural controls to reduce identified risk to acceptable thresholds.
  • Support workshops, interviews, and documentation reviews with vendors, system owners, and State security officers.
  • Provide traceability between findings, control families, and remediation actions to satisfy CMS audit and state oversight requirements.
  • Contribute to the preparation of executive summaries and briefings for MHD/ITSD leadership and external auditors.

Skills & Abilities:
  • Comprehensive understanding of NIST SP 800-30, NIST SP 800-37 RMF, ISO/IEC 27005, and HIPAA/HITECH frameworks.
  • Familiarity with FedRAMP, Azure Government, and AWS GovCloud security control baselines.
  • Proficient in developing risk registers, assessment reports, and POA&M tracking for systems containing Protected Health Information (PHI) and Personally Identifiable Information (PII).
  • Understanding of AI Risk Management Framework (AI RMF) and its application to analytical systems supporting Medicaid operations.
  • Strong analytical, documentation, and technical-writing abilities for drafting SARs, POA&Ms, and mitigation plans.
  • Capable of articulating complex technical findings to executive and non-technical stakeholders.
  • Team-oriented mindset with disciplined task tracking, version control, and evidence management to support audits.
  • Proven reliability in meeting short-turn deliverable deadlines under multi-agency oversight.
Education & Experience
  • Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, or a related technical discipline.
  • Minimum 5 years of cybersecurity or information-assurance experience.
  • Minimum 3 years conducting comprehensive security risk assessments or vulnerability analyses for enterprise IT systems or Medicaid-related programs.
  • Demonstrated authorship of SARs or equivalent technical deliverables under NIST or ISO frameworks.

Certs:
 
  • CISSP, CISM, CRISC, CISA, CEH, GSEC, or CompTIA Security+
 
 
The Location:   Jefferson City, MO (hybrid)
 
 
 
“We are an equal opportunity employer and all Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status”
 
Share

Apply for this position

Required*
Apply with Indeed
We've received your resume. Click here to update it.
Attach resume or Paste resume
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

Voluntary Self-Identification of Disability
Voluntary Self-Identification of Disability Form CC-305
OMB Control Number 1250-0005
Expires 04/30/2026
Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Please check one of the boxes below:

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

You must enter your name and date
Human Check*