Security Control Assessor

Amyx, Inc.

$80K — $110K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in a relevant field (Computer Science, Cyber Security, etc.)
  • Active TS/SCI clearance required, with CI Polygraph to obtain
  • Certification in 8140 standards (CCISO, CISA, CISM, CISSP, etc.)
  • Strong understanding of security assessments and compliance standards
  • Experience with security tools (Nessus, AWS, ServiceNow)
  • Ability to work onsite according to customer requirements

Responsibilities

  • Plan and conduct security authorization reviews and develop assurance cases.
  • Review authorization documents to ensure acceptable risk levels for software applications and systems.
  • Verify implementation of security postures and document deviations with recommendations.
  • Develop security compliance processes for external services like cloud providers.
  • Perform comprehensive security reviews to identify and address gaps in security architecture.
  • Manage and maintain Accreditation Packages such as ISO/IEC 15026-2.
  • Contribute to risk management documentation and processes.

Benefits

  • Medical, Dental, and Vision Plans (PPO & HSA options)
  • Flexible Spending Accounts (Health Care & Dependent Care FSA)
  • 401(k) with matching contributions
  • Short and Long-Term Disability insurance
  • PTO along with 11 paid Holidays
  • Professional Development Reimbursement program
  • Wellness Program
Full Job Description
Overview

Amyx is seeking to hire a Security Control Assessor-Advanced to support our Cybersecurity Division/NGA Defender in the NCW St. Louis, MO area. Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST 800-37).

Responsibilities

  • Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
  • Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
  • Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
  • Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
  • Establish acceptable limits for the software application, network, or system.
  • Manage Accreditation Packages (e.g., ISO/IEC 15026-2).
  • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
  • Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
  • Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
  • Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • Verify and update security documentation reflecting the application/system security design features.
  • Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
  • Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
  • Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
  • Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
  • Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
  • Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
  • Assess the effectiveness of security controls.
  • Assess all the configuration management (change configuration/release management) processes.


Microsoft Office Suites; SharePoint; Nessus, AWS Tools, Xacta, ServiceNow, Archer, Microsoft Hyper-V, VMWare vSphere, Citrix XenDesktop/Server, Amazon Elastic Compute Cloud, etc. public key infrastructure, Oauth, OpenID, SAML, SPML

Qualifications

Required:
  • Bachelor degree or higher from an accredited college or university (Recommend an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.)
  • Clearance:
    • TS/SCI is required to begin working on the program
    • Must be able to obtain a CI Polygraph
  • 8140 Certification: CCISO or CISA or CISM or CISSP or CISSP-ISSEP or GSLC or GSNA
  • Must be able to work on site per customer and contractual requirements




Benefits include:
      • Medical, Dental, and Vision Plans (PPO & HSA options available)
      • Flexible Spending Accounts (Health Care & Dependent Care FSA)
      • Health Savings Account (HSA)
      • 401(k) with matching contributions
      • Roth
      • Qualified Transportation Expense with matching contributions
      • Short Term Disability
      • Long Term Disability
      • Life and Accidental Death & Dismemberment
      • Basic & Voluntary Life Insurance
      • Wellness Program
      • PTO
      • 11 Holidays
      • Professional Development Reimbursement


Physical Demands

Employee needs to be able to sit at a workstation for extended periods; use hand(s) to handle or feel objects, tools, or controls; reach with hands and arms; talk and hear. Most positions require ability to work on desktop or laptop computer for extended periods of time reading, reviewing/analyzing information, and providing recommendations, summaries and/or reports in written format. Must be able to effectively communicate with others verbally and in writing. Employee may be required to occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Regular and predictable attendance is essential.

Similar Jobs

More Jobs at Amyx, Inc.

More Information Technology Jobs

Find similar Security Control Assessor jobs: