Security Assessment Specialist - Falls Church, Virginia United States - 6556

This closed position was filled.


Job #: 6556
Title: Security Assessment Specialist
Job Location: Falls Church, Virginia - United States
Employment Type:
Salary: contact recruiter for details
Employer Will Recruit From: Local
Relocation Paid?: NO


Location: Falls Church, VA
Clearance: Secret

Seeking a professional and experienced Sr. Assessment Specialist to join our team and support the Center for Internet Security (CIS) Critical Security Controls (CSC) team.



  • Leverage working knowledge of the CIS Critical Security Controls (previously SANS 20), including all associated sub-controls, to facilitate ongoing security maturity assessments across the enterprise.
  • Research, develop, and document CSC maturity metrics, artifacts, and workflows relevant to the CIS Top 20 Controls, identifying the status of tool procurements, implementations, SIEM integrations, and/or decommissioning across multiple enterprise networks.
  • Conduct analysis and technical security mapping to identify gaps and provide executive-level understanding of current and future states of CIS maturity.
  • Coordinate with key stakeholders across the organization to identify technology and policy mapping to each CSC sub-control, gaps, and current/future status.
  • Develop in-depth executive-level briefings for the Executive Leadership Team (ELT) on CIS CSC maturity, tools, implementation status, etc.
  • Analyze organizational policies against CIS best practices and provide recommendations on areas for improvement to increase maturity based on the CIS CSCs.
  • Consolidate and integrate feedback from deep-dive reviews with key stakeholders and manage team documents on a central SharePoint site.
  • Update maturity status on a quarterly basis and report changes to ELT.
  • Provide recommendations for improvement based on assessment results to include changes to Standard Operating Procedures and other policies.




  • Bachelor’s Degree – IT, Cybersecurity, or Management Information Systems (Not required) 
  • 3-5 years of related experience in information technology and/or information security conducting risk assessments to identify security gaps, assessing controls, and providing recommendations and reporting to executive leadership.
  • Fundamental understanding of computer networking (TCP/IP, DNS, Firewalls, Proxies, Routers, Switches, etc.)
  • Knowledge of Windows and Linux operating systems and information security components
  • Knowledge of Cybersecurity technologies to include:
    • Asset Configuration Management 
    • Intrusion Detection/Prevention Systems (IDS/IPS) 
    • Security Incident and Event Management (SIEM)
    • Antivirus 
    • Networking
    • Security Vulnerability Scanning 
    • Incident Response
  • Certifications: CompTIA Security+, Network+, A+, CISSP, CEH (Preferred) 
  • US Citizenship status and DoD Secret clearance.

University - Bachelor's Degree/3-4 Year Degree