Security Control Assessor
Fusion Technology LLC
Washington, District of Columbia
December 9, 2022
Fusion Technology LLC is in search of a highly skilled and experienced Security Control Assessor candidate to fill this On-Site position, based in Washington DC.
- Job Title: Security Control Assessor
- Salary: $90,000.00 - $110,000.00
- Location: On-Site - Washington DC
- Submission End Date: Ongoing
- Job Description: Below
Duties Include, but are NOT Limited To:
- Implementing an IT Security Review and Assistance Program to aid the ISSOs in authoring security assessment and authorization documentation.
- Scheduling IT security review and assistance visits and ensuring these visits are completed and participating in review and assistance visits.
- Coordinating with ISSOs and providing guidance and oversight in identifying and documenting deficiencies and prioritizing them based on the mission, risk, and funding.
- Evaluating configurations and implementation of firewalls, proxy servers, routers, Virtual Private Networks (VPNs), Intrusion Detection System (IDS), wireless networks, etc. against legal requirements, departmental/local policy, industry best practices and vendor recommendations.
- Conducting vulnerability assessments and penetration testing for all IT systems, with the assessment/testing level to be based on each system’s status within the security assessment and authorization cycle and authority to operate status. Analyze systems for potential vulnerabilities that may result from improper system configuration, hardware or software flaws, or operational weaknesses. Respond to vulnerability issues within 5 Calendar days of occurrence. Present any security issues that are found to the system owner with an assessment of their impact and a recommendation for mitigation or technical solution.
- Providing penetration testing and ethical hacking services in network, wireless and web application environments; these shall include Social Engineering (including but not limited to the ability to perform Phishing and Spear Phishing); these services should be performed following a documented and standardized methodology. The goals and objectives for each exercise will be determined by the S&T CISO.
- Performing static code reviews as required, based on a given system’s status within the security assessment and authorization cycle, authority to operate status, and estimated risk profile. Static code review includes analyzing systems for potential vulnerabilities that may result from improper system configuration, hardware or software flaws, or operational weaknesses. The Contractor shall also perform static code analysis on software developed in-house and by contracted developers. The Contractor shall present any security issues that are found to the ISSO, Compliance Officer, system owner, authorizing official, and the S&T CISO along with an impact assessment and a recommendation for mitigation and technical solution.
- Ensuring coordination among the DHS Security Operations Center and the Information Security Vulnerability Management Program when vulnerability assessments cross multiple Component responsibilities.
- Ensuring DHS encryption policy is implemented and enforced and advising project managers on the implementation of DHS encryption standards.
Requirements
- Bachelor's degree in related field
- Trusted Employee: The Government trusts you and so do we. You possess an active Top Secret security clearance. You must also be able to obtain Department of Homeland Security (DHS) suitability.
- Knowledgeable: You have 7+ years of proven experience in IT assessments.
- Field Certified: You are a go-getter and an excellent test taker. You earned and maintain the following certifications: Certified Information Systems Security Professional (CISSP) or ISACA's Certified Information Security Manager (CISM); Certified Analytics Professional (CAP) or CompTIA Advanced Security Practitioner (CASP+)
Visit Fusiontechnology-llc.com for more details regarding our company mission and objectives.
Job Types: Full-time, Contract
Pay: $90,000.00 - $110,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Flexible schedule
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Parental leave
- Professional development assistance
- Referral program
- Relocation assistance
- Retirement plan
- Tuition reimbursement
- Vision insurance
Schedule:
- 8 hour shift
- Monday to Friday
Application Question(s):
- Are you a U.S. Citizen?
- If you hold a Green Card, have you been employed in the U.S. for a minimum of 3 years?
- How many years of experience do you have with Microsoft Office applications (Word, Excel, Outlook, etc.)?
Education:
- Bachelor's (Required)
Experience:
- Security System Assessor: 7 years (Required)
License/Certification:
- CAP OR CASP (Required)
- CISSP OR CISM (Required)
Security clearance:
- Top Secret (Required)
Work Location: One location