FLEX Assurance Analyst
Bethesda, MD, United States
Marriott International
Perform certification of Security Control attestations and evaluate the implementation of controls to support the granting of an Authorization to Operate for a release of new infrastructures, services, applications, and processes into Marriott’s Production Environments. Leverage existing Security Engagement processes and documentation, in conjunction with security compliance tools, to determine control implementation status. Routinely process ITSM Release and Security Engagement Tasks to document justification for all approvals. Routinely collaborate with multiple teams, both technical and business, to ensure Controls Assurance compliance. Understand, communicate, interpret, and enforce Marriott International Policies and Security Standards throughout the Certification and Accreditation process. Understand and communicate Marriott International Security Control Objectives through familiarization with Marriott International Policies and Standards, as well as Industry Best Practice Frameworks, including, but not limited to, NIST RMF, NIST CSF, PCI DSS, GDPR, MPLS, EU Privacy, and ISO. Periodically prepare and provide status updates on Assurance engagements for reporting to the Senior Manager.
CANDIDATE PROFILE
Education and Experience
Required:
· Bachelor’s degree in Computer Science or related field or equivalent experience/certification
· 1-2+ years’ experience in Information Security and at least 1 year experience in Control Assessment/Control Testing/Control Validation
· Current and relevant information security certification, including, but not limited to, CISSP (Certified Information Systems Security Professional), (ISC)2 CGRC certification, ISACA, PCI QSA/ISA, ITIL, IS Certification & Accreditation Professional - ISCAP, GIAC Information Security Professional (GISP), or similar
· Familiarity/experience with NIST RMF
· Familiarity/experience with SDLC
Preferred:
· Cloud computing certification, such as AWS Solutions Architect Associate, Azure Administrator Associate, Google Associate Cloud Engineer
· Understanding of software engineering concepts: GoF software design patterns, SOLID design principles (SRP, OCP, LSP, ISP, and DIP) and development methods (Scrum, XP, Lean, Waterfall)
Additional Skills & Attributes
· Strong oral and written communication skills
· Ability to conduct independent security research
· Basic understanding of cryptography concepts: hashing, signing, encryption, decryption, tokenization
· Basic understanding of common application security controls such as WAF, RASP, Intercepting Proxies
· Experience with some of the following tools and technologies: GitHub Advanced Security, Postman, Fortify SCA, Jenkins, Artifactory, SonarQube, Docker, JIRA, Confluence, Aqua CSP, Nessus Pro or Tenable.io
· Basic understanding of network security concepts: DOS, DNS Spoofing, ARP Poisoning, Firewalls, Intrusion Detection, Segmentation
· Basic understanding of Vulnerability and Patch Management practices
· Basic understanding of endpoint security controls: EDR, Vulnerability Scanning Agents, HIDS, FIM
· Basic understanding of Agile Software Development Practices & DevOps
CORE WORK ACTIVITIES
Security Certification
· Process Releases and Security Engagements assigned to Assurance
· Review Security Engagement final documentation and verify all required controls meet the security objectives and are in-place
· Review application architectures and implementation details for design flaws, incorrect security implementation, and missing security controls
· Work with other security team members to research and test complex security issues
· Ensure applications are built according to enterprise security standards
· Input datasets into security control tools such as SD Elements and compare datasets at intervals over time to identify changes/deficiencies
Security Accreditation
· Provide detailed security documentation to developers, software engineers and technical personnel when necessary
· Provide guidance and recommendation to software architects and engineers on how to correct code related security flaws
Administrative
· Participate in peer reviews of security assessments created by other team members
· Manage tickets and SLAs associated with security testing efforts
· Maintain and contribute to the enterprise SSDLC standard
The pay range for this position is $33.94 to $53.46 per hour.
FLEX opportunities offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.
Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD.
Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.
Tags: Agile Application security AWS Azure CGRC CISSP Cloud Compliance Computer Science Confluence Cryptography DevOps DNS Docker EDR Encryption Endpoint security Firewalls GDPR GIAC GitHub Hashing Intrusion detection ISACA ITIL Jenkins Jira Nessus Network security NIST PCI DSS PCI QSA PostMan Privacy RMF Scrum SDLC Security assessment SLAs SonarQube SSDLC
Perks/benefits: Career development Equity / stock options Flexible spending account Health care Insurance Medical leave Parental leave