No more applications are being accepted for this job
- Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
- Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
- Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
- Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
- Establish acceptable limits for the software application, network, or system.
- Manage Accreditation Packages (e.g., ISO/IEC
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
- Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
- Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
- Verify and update security documentation reflecting the application/system security design features.
- Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
- Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
- Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
- Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
- Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
- Assess the effectiveness of security controls.
- Assess all the configuration management (change configuration/release management) processes
- Bachelor degree or higher from an accredited college or university (Recommend an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.)
- Clearance: TS/SCI
- 8140 Certification: CCISO or CISA or CISM or CISSP or CISSP-ISSEP or GSLC or GSNA
- Flexible Spending Accounts (Health Care & Dependent Care FSA)
- Health Savings Account (HSA)
- 401(k) with matching contributions
- Roth
- Qualified Transportation Expense with matching contributions
- Short Term Disability
- Long Term Disability
- Life and Accidental Death & Dismemberment
- Basic & Voluntary Life Insurance
- Wellness Program
- PTO
- 11 Holidays
- Professional Development Reimbursement Amyx is an Equal Opportunity employer
Security Control Assessor with Security Clearance - St. Louis, MO, United States - Amyx Inc
Description
Amyx is seeking to hire a Security Control Assessor-Advanced to support our Cybersecurity Division/NGA Defender in the NCW StLouis, MO area
Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST
Responsibilities
public key infrastructure, Oauth, OpenID, SAML, SPML Qualifications Required:
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
Knowledge of cybersecurity and privacy principles
Knowledge of cyber threats and vulnerabilities
Knowledge of specific operational impacts of cybersecurity lapses
Knowledge of authentication, authorization, and access control methods
Knowledge of applicable business processes and operations of customer organizations
Knowledge of application vulnerabilities
Knowledge of communication methods, principles, and concepts that support the network infrastructure
Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware
Knowledge of cyber defense and vulnerability assessment tools and their capabilities
Knowledge of encryption algorithms
Knowledge of cryptography and cryptographic key management concepts
Knowledge of data backup and recovery
Knowledge of database systems
Knowledge of business continuity and disaster recovery continuity of operations plans
Knowledge of organization's enterprise information security architecture
Knowledge of organization's evaluation and validation requirements
Knowledge of organization's Local and Wide Area Network connections
Knowledge of Security Assessment and Authorization process
Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data
Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins)
Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities
Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML)
Knowledge of new and emerging information technology (IT) and cybersecurity technologies
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
Knowledge of structured analysis principles and methods
Knowledge of systems diagnostic tools and fault identification techniques
Knowledge of the cyber defense Service Provider reporting structure and processes within one's own organization
Knowledge of the enterprise information technology (IT) architecture
Knowledge of the organization's enterprise information technology (IT) goals and objectives
Knowledge of Supply Chain Risk Management Practices (NIST SP
Knowledge of the organization's core business/mission processes
Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S
Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures
Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures
Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA])
Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model)
Knowledge of Personally Identifiable Information (PII) data security standards
Knowledge of Payment Card Industry (PCI) data security standards
Knowledge of Personal Health Information (PHI) data security standards
Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures
Knowledge of an organization's information classification program and procedures for information compromise
Knowledge of embedded systems
Knowledge of penetration testing principles, tools, and techniques
Knowledge of controls related to the use, processing, storage, and transmission of data
Knowledge of Application Security Risks (e.g
Open Web Application Security Project Top 10 list)
Please contact with any questions Benefits include:
Every qualified applicant receives focused consideration for employment and no one is discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status
In addition to federal law requirements, Amyx complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities
This applies to all terms and