GermantownRecruiter Since 2001
the smart solution for Germantown jobs

Senior Continuous Monitoring Assessment Analyst

Company: Iron Vine Security
Location: Springfield
Posted on: January 15, 2022

Job Description:

Position Summary:Iron Vine Security is a rapidly growing information security and information technology company in Washington, DC. We are looking to hire Senior Continuous Monitoring Assessment Analyst to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.Job Requirements:--- Strong written and verbal communication skills.--- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).--- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.--- Knowledge of cyber threats and vulnerabilities.--- Knowledge of specific operational impacts of cybersecurity lapses.--- Knowledge of authentication, authorization, and access control methods.--- Knowledge of application vulnerabilities.--- Expeience with technical security tools (Tenable Nessus, WebInspect, Splunk, and BigFix) and other tools requested for vulnerabilities and compliance--- Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware.--- Knowledge of cyber defense and vulnerability assessment tools and their capabilities.--- Knowledge of Risk Management Framework (RMF) requirements.--- Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.--- Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).--- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, returnoriented attacks, malicious code).Certifications/Licenses:--- 4-year Bachelors degree or higher--- 4+ years experience in continuous monitoring and vulnerability management--- Certifications that address security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, incident management, integration of computing/ communications/business disciplines and enterprise components--- Active Public Trust clearance or eligible to obtain a Public Trust clearanceAdditional Experience Preferred:--- Experience reviewing and drafting Privacy Impact Assessments (PIAs)--- Experience in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).--- Experience in conducting vulnerability scans and recognizing vulnerabilities in security systems.--- Experience with determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.--- Skill in discerning the protection needs (i.e., security controls) of information systems and networks.--- Experience in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.--- Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.--- Ability to identify/describe techniques/methods for conducting technical exploitation of the target.--- Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.--- Ability to interpret and translate customer requirements into operational action.--- Ability to interpret and understand complex and rapidly evolving concepts.--- Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).--- Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.Position Responsibilities:--- Review and update existing information security policy, standards, and procedures based on federal and departmental regulations.--- Conduct SCA utilizing the USCB's technical security tools (Tenable Nessus, WebInspect, Splunk, and BigFix) and other tools requested for vulnerabilities and compliance--- Independently evaluate security and privacy controls to support Information System--- Continuous Monitoring (ISCM) assessments of Agency system components--- Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.--- Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.--- Develop and continuously implement automated control monitoring and assessment approaches to achieve continuous monitoring and minimize manual assessments IAW NISTIR 8011, Automation Support for Security Control Assessments;--- Maximize continuous monitoring and on-going authorizations and focus on technical security capabilities as well as the enterprise Security Information and Event Management (SIEM) solution;--- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.--- Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).--- Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.Iron Vine Security is a federal contractor. As such, we are subject to an Executive Order requiring all employees of federal contractors to be fully vaccinated for COVID-19 by December 8, 2021. Therefore, by applying for this position, you understand that you will be required to verify that you have been, or will be, fully vaccinated by December 8, or to verify that you cannot be vaccinated due to a legally recognized exception to the vaccine mandate set forth in the Executive Order.Note: An individual is not considered to be fully vaccinated until two weeks after receiving the second vaccine dosage in a vaccine regimen involving two vaccines.Iron Vine Security is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws.

Keywords: Iron Vine Security, Germantown , Senior Continuous Monitoring Assessment Analyst, Professions , Springfield, Maryland

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Log In or Create An Account

Get the latest Maryland jobs by following @recnetMD on Twitter!

Germantown RSS job feeds