Security Control Assessments Analyst - Mid

Job Description

ECS is seeking a Security Control Assessments Analyst - Mid to work in our Suitland, MD office.

We are looking to hire Mid-Level Security Control Assessment Analyst to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.

Job Requirements:

• Strong written and verbal communication skills.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of cyber threats and vulnerabilities.
• Knowledge of specific operational impacts of cybersecurity lapses.
• Knowledge of authentication, authorization, and access control methods.
• Knowledge of application vulnerabilities.
• Knowledge of communication methods, principles, and concepts that support the network infrastructure.
• Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware.
• Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
• Knowledge of Risk Management Framework (RMF) requirements.
• Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
• Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• • Manage and creates authorization packages (e.g., ISO/IEC 15026-2).
  • Plan and conduct security authorization assessments initial authorization of systems and networks as well as systems in continuous monitoring.
  • Review authorization and assessment documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
  • Perform security assessments and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
  • Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
  • Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
  • Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
  • Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.

Salary Range: $70,000 - $90,000
General Description of Benefits

Required Skills

• 4-year bachelor's degree or equivalent experience
• 4+ years' experience developing information security and privacy policy
• Certifications that address security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, incident management, integration of computing/ communications/business disciplines and enterprise components
• Active Public Trust clearance or eligible to obtain a Public Trust clearance

Desired Skills

• Experience reviewing and drafting Privacy Impact Assessments (PIAs)
• Experience in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
• Experience in conducting vulnerability scans and recognizing vulnerabilities in security systems.
• Experience with determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
• Experience in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
• Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
• Ability to identify/describe techniques/methods for conducting technical exploitation of the target.
• Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.
• Ability to interpret and translate customer requirements into operational action.
• Ability to interpret and understand complex and rapidly evolving concepts.
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.

#ECS1

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3200+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.