Security Assessment Specialist

Location: Falls Church, VA
Job Type: Temp To Perm
Salary: $1.00 - $1.00
Degree: Bachelor of Science
Date: 10/18/2017
Job ID: 02527085
Job Description
Clearance: Secret

Responsibilities:
Seeking a professional and experienced Security Assessment Specialist to join our on-site client-facing team. The successful candidate will have significant recent experience applying actionable recommendations based on the Center for Internet Security (CIS) Critical Security Controls (CSC) assessment framework. Additionally, the successful candidate will have significant experience working daily with Executive Leadership Teams (ELT) responsible for major enterprise systems. Will work across all areas to evaluate, recommend, develop and deliver technical training for Corporate Information Security Office (CISO) Engineering solutions to the end users in coordination with the individual project teams.
  • Leverage working knowledge of the CIS Critical Security Controls including all associated sub-controls to facilitate ongoing security maturity assessments across the enterprise.
  • Research, develop, and document CSC maturity metrics, artifacts, and workflows relevant to the CIS Top 20 Controls identifying status of tool procurements, implementations, SIEM integrations, and/or decommissioning across multiple enterprise networks.
  • Conduct analysis and technical security mapping to identify gaps and provide executive-level understanding of current and future states of CIS maturity.
  • Coordinate with key stakeholders across the organization to identify technology and policy mapping to each CSC sub-control, gaps, and current/future status.
  • Develop in-depth executive level briefings for Executive Leadership Team (ELT) on CIS CSC maturity, tools, implementation status, etc.
  • Analyze organizational policies against CIS best practices and provide recommendations on areas for improvement to increase maturity based on the CIS CSCs.
  • Consolidate and integrate feedback from deep dive reviews with key stakeholders and manage team documents on a central SharePoint site.
  • Update maturity status on a quarterly basis and report changes to ELT.
  • Provide recommendations for improvement based on assessment results to include changes to Standard Operating Procedures and other policies.
 
Qualifications:
  • Bachelor’s Degree – IT, Cybersecurity, or Management Information Systems (Not required)
  • 3-5 years of related experience in information technology and/or information security conducting risk assessments to identify security gaps, assessing controls, and providing recommendations and reporting to executive leadership.
  • Fundamental understanding of computer networking (TCP/IP, DNS, Firewalls, Proxies, Routers, Switches, etc.).
  • Knowledge of Windows and Linux operating systems and information security components.
  • Demonstrated use of PowerPoint to effectively obtain ELT and other stakeholder buy-in.
  • Knowledge of Cybersecurity technologies to include:
    • Asset Configuration Management
    • Intrusion Detection/Prevention Systems (IDS/IPS)
    • Security Incident and Event Management (SIEM)
    • Antivirus
    • Networking
    • Security Vulnerability Scanning
    • Incident Response
  • Certification in one or more of: CompTIA Security+, Network+, A+, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) preferred.
  • General experience with Security Operation tools inclusive of products from Splunk, FireEye, Looking Glass, Intel, Endgame, StealthWatch, RSA, Tanium.
  • US Citizenship status and Active DoD Secret Clearance (preferred), must successfully complete the government's security process (required).