Security Control Assessments Analyst - Suitland
2 days ago
Job description
Job DescriptionECS is seeking a Security Control Assessments Analyst - Mid to work in our Suitland, MD office.
We are looking to hire Mid-Level Security Control Assessment Analyst to support a full range of cyber security services on a long-term contract in Washington DC.
Job Requirements
Strong written and verbal communication skills.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Knowledge of cyber threats and vulnerabilities.
Knowledge of specific operational impacts of cybersecurity lapses.
Knowledge of authentication, authorization, and access control methods.
Knowledge of application vulnerabilities.
Knowledge of communication methods, principles, and concepts that support the network infrastructure.
Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware.
Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
Knowledge of Risk Management Framework (RMF) requirements.
Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Manage and creates authorization packages (e.g., ISO/IECPlan and conduct security authorization assessments initial authorization of systems and networks as well as systems in continuous monitoring.
Review authorization and assessment documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
Perform security assessments and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
Salary Range:
$70,000 - $90,000
Benefits
General Description of Benefits
Required Skills
4-year bachelor's degree or equivalent experience
4+ years' experience developing information security and privacy policy
Certifications that address security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, incident management, integration of computing/ communications/business disciplines and enterprise components
Active Public Trust clearance or eligible to obtain a Public Trust clearance
Desired Skills
Experience reviewing and drafting Privacy Impact Assessments (PIAs)
Experience in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
Experience in conducting vulnerability scans and recognizing vulnerabilities in security systems.
Experience with determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
Skill in discerning the protection needs (i.e., security controls) of information systems and networks.Experience in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.Ability to identify/describe techniques/methods for conducting technical exploitation of the target.
Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.
Ability to interpret and translate customer requirements into operational action.
Ability to interpret and understand complex and rapidly evolving concepts.
Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
#ECS1
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law.
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose.Every day, our 3200+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
Similar jobs
Job Description · ECS is seeking a Security Control Assessments Analyst - Mid to work in our Suitland, MD office. · We are looking to hire Mid-Level Security Control Assessment Analyst to support a full range of cyber security services on a long-term contract in Washington DC. Th ...
2 days ago
Job Description · ECS is seeking a · Security Control Assessments Analyst - Mid · to work in our · Suitland, MD · office. · We are looking to hire Mid-Level Security Control Assessment Analyst to support a full range of cyber security services on a long-term contract in Washingto ...
1 day ago
ECS is seeking a Security Control Assessments Analyst – Mid to work in our Suitland, MD office. · We are looking to hire Mid-Level Security Control Assessment Analyst to support a full range of cyber security services on a long-term contract in Washington DC. The position is full ...
2 days ago
ECS is seeking a Security Control Assessments Analyst – Mid to work in our Suitland, MD office. · We are looking to hire Mid-Level Security Control Assessment Analyst to support a full range of cyber security services on a long-term contract in Washington DC. The position is full ...
1 day ago
The U.S. Pharmacopeial Convention (USP) seeks a Landscape Assessment Analyst consultant to collect and validate data on regional disease burden, market value and projected demand, · Advanced degree in health economics, epidemiology or data science. · Demonstrated skills in quanti ...
1 month ago
This position involves performing cybersecurity third-party risk assessments and collaborating with stakeholders on remediation strategies. · Communicate results to peers and provide input on remediation plans. · ...
2 weeks ago
TP Risk Assessment Analyst responsible for performing cybersecurity Third-Party Risk Assessments and collaborating with stakeholders on remediation strategies. · Perform cybersecurity Third-Party Risk Assessments (TPRAs) · Collaborate with key stakeholders on remediation strategi ...
2 weeks ago
+Kearney and Company is seeking a Senior Cybersecurity Assessment Analyst to join our growing team. · + ...
1 week ago
RiVidium Inc is seeking a Vulnerability Assessment Analyst who will perform assessments of systems and networks within the NE or enclave. · ...
4 weeks ago
Kearney & Company is seeking a Senior Cybersecurity Assessment Analyst to join our growing team. · ...
1 week ago
RiVidium Inc is seeking a Vulnerability Assessment Analyst who will perform assessments of systems and networks within the NE or enclave. · Analyze organization's cyber defense policies and configurations. · Conduct penetration testing on enterprise network assets. · ...
1 week ago
Title Vulnerability Assessment Analyst - Intermediate Full-Time/Part-Time Full-Time Description RiVidium Inc (dba, TripleCyber) is seeking a Vulnerability Assessment Analyst who will perform assessments of systems and networks within the NE or enclave and identifies where those s ...
1 day ago
Overview · Quantum Research International, Inc. (Quantum ) is a certified DoD Contractor providing services and products to US/Alliedgovernments and industry in the following main areas: (1) Cybersecurity, High Performance Computing Systems, Cloud Services and Systems; (2) Space ...
2 days ago
Overview: · Quantum Research International, Inc. (Quantum) is a certified DoD Contractor providing services and products to US/Alliedgovernments and industry in the following main areas: (1) Cybersecurity, High Performance Computing Systems, Cloud Services and Systems; (2) Space ...
1 day ago
Overview: · Quantum Research International, Inc. (Quantum) is a certified DoD Contractor providing services and products to US/Allied governments and industry in the following main areas: (1) Cybersecurity, High Performance Computing Systems, Cloud Services and Systems; (2) Space ...
2 days ago
The Cybersecurity Risk Assessment Analyst is responsible for identifying, assessing, and managing cybersecurity risk associated with enterprise applications used across the organization. This role executes risk assessments according to a defined risk-based schedule, assigns risk ...
2 days ago
Analyze and assess the organization to identify areas for improvement. Conduct research and gather information through interviews and observation. · ...
1 month ago
The Cloud Assessment Analyst III supports DoD and FedRAMP cybersecurity oversight for Cloud Service Offerings by performing Continuous Monitoring, · Annual Assessments, · and risk evaluations to ensure compliance with RMF and NIST requirements.Conducts thorough reviews · & analys ...
4 weeks ago
Digital Global Connectors (DGC) is seeking a knowledgeable and skilled Security Assessment & Authorization (SA&A) Analyst to manage the development, execution, and ongoing refinement of security assessment and authorization initiatives. · ...
4 days ago
As Sr. Vulnerability Assessment Analyst I you'll identify and assess security weaknesses across mission-critical systems and networks with the goal of making an impact across the federal government. · ...
1 week ago