Security Control Assessor - Intermediate

Description

RiVidium Inc (dba, TripleCyber) is seeking a Security Control Assessor who conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST 800-37).

Tasks

• Manage and approve Accreditation Packages (e.g., ISO/IEC 15026-2).
• Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
• Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
• Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
• Establish acceptable limits for the software application, network, or system.
• Manage Accreditation Packages (e.g., ISO/IEC 15026-2).
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational
• procedures, and maintenance training materials).
• Verify and update security documentation reflecting the application/system security design features.
• Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
• Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
• Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
• Assess the effectiveness of security controls.
• Assess all the configuration management (change configuration/release management) processes.
  
  

Abilities

• Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
• Ability to answer questions in a clear and concise manner.
• Ability to ask clarifying questions.
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• Ability to communicate effectively when writing.A0015: Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.A0016: Ability to facilitate small group discussions.A0018: Ability to prepare and present briefings.
• Ability to produce technical documentation.
• Ability to design valid and reliable assessments.
• Ability to analyze test data.
• Ability to collect, verify, and validate test data.
• Ability to dissect a problem and examine the interrelationships between data that may appear unrelated.
• Ability to identify basic common coding flaws at a high level.
• Ability to translate data and test results into evaluative conclusions.
• Ability to ensure security practices are followed throughout the acquisition process.
• Ability to apply collaborative skills and strategies.
• Ability to apply critical reading/thinking skills.
• Ability to effectively collaborate via virtual teams.
• Ability to evaluate information for reliability, validity, and relevance.
• Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.
  
  

Requirements

• Bachelor degree or higher from an accredited college or university.
• Prefer an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.
• Certifications: CAP or CASP or Cloud or CYSA or PenTest .
  

About the Organization Established in 2008, RiVidium, Inc. (dba TripleCyber) is a VA-Verified SDVOSB and an SBA-Certified 8(a) company. To prepare our clients for the future, RiVidium has balanced all parts of our organization to attract the finest employees in order to 'Strive to be the missing element defining tomorrow's technology'. RiVidium keeps pace and surpasses its competitors by meeting challenges of advancements in Logistics, Human Capital, Cyber, Intelligence & Technology.

EOE Statement We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law. If you need a reasonable accommodation for any part of the employment process, please contact Human Resources (HR) at hr@rividium.com.