Security Control Assessor (Senior)

Employer
Halvik
Location
Arlington, VA
Posted
Feb 20, 2021
Closes
Feb 24, 2021
Ref
1750238348
Function
IT, Security Engineer
Hours
Full Time
Halvik is looking for cybersecurity professionals to join our team supporting the Federal Deposit Insurance Corporation (FDIC) in Arlington, VA.

The Security Controls Assessor will conduct independent, comprehensive assessments of the management, operational, and technical security and privacy controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).

Entry level personnel will have 1 to 3 years of relevant experience and the equivalent of an associate's degree in a cyber-security related field.

Intermediate level personnel will have 4 to 6 years of experience and the equivalent of a BS/BA in a cyber-related field. Direct experience or certifications may substitute for the academic credentials.

Senior level positions require 7 or more years of relevant cyber-security experience and an advanced degree in a technical/cyber-related field. Direct experience or directly relevant certifications may substitute for the academic credentials.

CISSP certification is required for all levels.

US citizenship is required, as is the ability to pass the background investigation for a Public Trust position.

Responsibilities
Perform security reviews, identify gaps in security architecture, and develop a security risk management plan with recommendations for inclusion in the risk mitigation strategy.
Plan and conduct security authorization reviews to confirm that the level of risk is within acceptable limits for each software application, system, and network.
Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
Review Accreditation Packages (e.g., NIST Risk Mgt Framework).

Skills
Assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
Assessing security systems designs.
Conducting system vulnerability and risk assessments and reviews.
Interpreting vulnerability scanner results to identify vulnerabilities.
Technical writing, reviewing and editing for assessment products.
Conducting vulnerability scans and recognizing vulnerabilities in security systems.
Discerning the protection needs (i.e., security controls) of information systems and networks.
Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Abilities
Collect, analyze, verify, and validate test data.
Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
Design valid and reliable assessments.
Function in a collaborative, virtual environment, seeking continuous consultation with other analysts and experts, both internal and external to the organization, to leverage analytical and technical expertise.
Identify systemic security issues based on the analysis of vulnerability and configuration data.
Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge
Cyber defense and vulnerability assessment tools and their capabilities.
Cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
Laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
Network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
New and emerging information technology (IT) and cybersecurity technologies.
Risk Management Framework (RMF) requirements.
Security Assessment and Authorization process.
Authentication, authorization, and access control methods.
Cybersecurity and privacy principles.
Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Come join an awesome company on an exciting new project!

Halvik offers a competitive full benefits package including:
Company-supported medical, dental, vision, life, STD, and LTD insurance
Benefits include 10 federal holidays and PTO.
401(k) with company matching
Flexible Spending Accounts for commuter, medical, and dependent care expenses
Tuition Assistance
Charitable Contribution matching

Halvik Corp is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.

Job Category: GG