Security Control Assessments Analyst - Mid

ECS is seeking a Security Control Assessments Analyst – Mid to work in our Suitland, MD office.

We are looking to hire Mid-Level Security Control Assessment Analyst to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance. 

Job Requirements: 

• Strong written and verbal communication skills. 
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.  
• Knowledge of cyber threats and vulnerabilities.  
• Knowledge of specific operational impacts of cybersecurity lapses. 
• Knowledge of authentication, authorization, and access control methods. 
• Knowledge of application vulnerabilities. 
• Knowledge of communication methods, principles, and concepts that support the network infrastructure. 
• Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware. 
• Knowledge of cyber defense and vulnerability assessment tools and their capabilities. 
• Knowledge of Risk Management Framework (RMF) requirements. 
• Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).  
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities. 
• Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML). 
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). 
• • Manage and creates authorization packages (e.g., ISO/IEC 15026-2). 
  • Plan and conduct security authorization assessments initial authorization of systems and networks as well as systems in continuous monitoring. 
  • Review authorization and assessment documents to confirm that the level of risk is within acceptable limits for each software application, system, and network. 
  • Perform security assessments and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy. 
  • Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). 
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. 
  • Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals. 
  • Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs). 
  • Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. 

Salary Range: $85,000 - $90,000
General Description of Benefits

• 4-year bachelor’s degree or equivalent experience 
• 4+ years’ experience developing information security and privacy policy 
• Certifications that address security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, incident management, integration of computing/ communications/business disciplines and enterprise components 
• Active Public Trust clearance or eligible to obtain a Public Trust clearance