Security Control Assessor
Maveris
Washington, district of columbia
Job Details
Full-time
Full Job Description
Maveris is an IT and cybersecurity services company committed to helping organizations create secure digital solutions to accelerate their mission. We are Veteran-owned and proud to serve customers across the Federal Government and private sector. We have an opening for a full-time Security Control Assessor to join our talented, dynamic team. The Security Control Assessor supports a program that provides cybersecurity services for the U.S. Department of Veterans Affairs (VA). This team supports areas such security control assessments, development of assessment automation solutions, and security architecture analysis.
Veterans are encouraged to apply.
Duties
As a Security Control Assessor, you will be trusted to support the delivery of our cybersecurity solutions and services. In this role, you will be a part of a security control assessment team working on the tasks outlined below:
- Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).
- Plans and conducts security authorization reviews and assurance case development for initial installation of systems and networks.
- Reviews authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
- Verifies that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
- Develops security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
- Performs security reviews and identifies security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
- Performs risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Requirements
- Bachelor's degree in computer science, electronics engineering or other engineering or technical discipline is required.
- Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Knowledge of system and application security threats and vulnerabilities.
- Knowledge of Personally Identifiable Information (PII), Payment Card Industry (PCI), and Personal Health Information (PHI) data security standards.
- Experience with Cybersecurity policy, risk management, and threat mitigation.
- Experience with security control assessments within the VA using the NIST Risk Management Framework (RMF) is a plus.
- Certifications such as SCA and CISA are a plus.
- Exceptional written and verbal communication skills.
- Strong planning, organizational, and time management skills.
- Exceptional analytical and conceptual thinking skills.
- Ability to work collaboratively with a team of peers.
Benefits
Maveris attracts and retains talent of the highest caliber by offering opportunities to work in exciting and challenging environments surrounded by bright minds. Our employees are our most prized asset and are rewarded with highly competitive compensation and a top-tier benefits package, including:
- 401(k) with company contribution
- Dental Insurance
- Health Insurance
- Vision Insurance
- Life Insurance
- Paid Time Off
About Maveris
Maveris offers exceptional, mission-focused solutions to organizations facing highly complex IT, digital, and cyber security challenges. Our success is achieved by maintaining an environment of trust where people are encouraged to reach their fullest potential. Every candidate that applies to Maveris brings something unique to the table, and because our team is diverse, we consistently meet our goals and exceed client expectations. If you are a highly-motivated person with a willingness to learn, we invite you to apply today to join our team!
To learn more about employee benefits visit www.maveris.com.
For company updates and the latest job postings check us out on LinkedIn.
If you'd like to read about some of our research and projects head over to Maveris Labs.
Want a more behind the scenes view? Check out our blog Maveris Insights to learn more about the team behind the solutions.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.