CIS CSC Security Assessment Specialist

Falls Church, Virginia, United States
Apr 15, 2019
Apr 18, 2019
IT, Security Engineer
Full Time
Job Description (Job Number: R0040721)

CIS CSC Security Assessment Specialist

Key Role:

Maintain responsibility for the program, focusing on the Center for Internet Security (CIS) Critical Security Controls (CSC). Leverage working knowledge of the CIS Critical Security Controls, including all associated sub-controls, to facilitate ongoing security maturity assessments across the enterprise. Research, develop, and document CSC maturity metrics, artifacts, and workflows relevant to the CIS Top 20 Controls, identifying the status of tool procurements, implementations, SIEM integrations, and decommissioning across multiple enterprise networks. Conduct analysis and technical security mapping to identify gaps and give executives a clear picture of the current and future states of CIS maturity. Coordinate with key stakeholders across the organization to map technologies and policies to each CSC sub-control and to identify gaps and current and future status. Assist with in-depth executive-level briefings for the Executive Leadership Team (ELT) on CIS CSC maturity, tools, implementation status, and the like. Update maturity status on a quarterly basis, report changes to the ELT, and provide recommendations for improvement based on assessment results, including changes to standard operating procedures and other policies.

Basic Qualifications:

- 3+ years of experience in IT and information security conducting risk assessments to identify security gaps, assessing controls, and providing recommendations and reporting to executive leadership

- Experience with computer networking, TCP/IP, DNS, firewalls, proxies, routers, and switches

- Ability to assess the efficacy of CSCs and develop implementation approaches for resolving CSC weaknesses

- Knowledge of CIS Critical Security Controls (CSC)

- Knowledge of Windows and Linux operating systems and information security components

- Knowledge of cybersecurity technologies, including asset configuration management, intrusion detection and prevention systems, security information and event management (SIEM), antivirus, networking, security vulnerability scanning, and incident response

- Ability to obtain a security clearance

- HS diploma or GED

Additional Qualifications:

- BA or BS degree in IT, Cybersecurity, or Management Information Systems

- CompTIA Security+, Network+, A+, CISSP, and CEH

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We're an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.