Security Assessment Specialist
Falls Church, Virginia - United States
contact recruiter for details
WHY IS THIS A GREAT OPPORTUNITY?
Location: Falls Church, VA
Seeking a professional and experienced Sr. Assessment Specialist to join our team and support the Center for Internet Security (CIS) Critical Security Controls (CSC) team.
- Leverage working knowledge of the CIS Critical Security Controls (previously the SANS Top 20), including all associated sub-controls, to facilitate ongoing security maturity assessments across the enterprise.
- Research, develop, and document CSC maturity metrics, artifacts, and workflows relevant to the CIS Top 20 Controls, identifying the status of tool procurements, implementations, SIEM integrations, and/or decommissioning across multiple enterprise networks.
- Conduct analysis and technical security mapping to identify gaps and provide executive-level understanding of current and future states of CIS maturity.
- Coordinate with key stakeholders across the organization to map technology and policy to each CSC sub-control, identify gaps, and track current/future status.
- Develop in-depth executive level briefings for Executive Leadership Team (ELT) on CIS CSC maturity, tools, implementation status, etc.
- Analyze organizational policies against CIS best practices and provide recommendations on areas for improvement to increase maturity based on the CIS CSCs.
- Consolidate and integrate feedback from deep-dive reviews with key stakeholders and manage team documents on a central SharePoint site.
- Update maturity status on a quarterly basis and report changes to ELT.
- Provide recommendations for improvement based on assessment results to include changes to Standard Operating Procedures and other policies.
- Bachelor's Degree in IT, Cybersecurity, or Management Information Systems (not required)
- 3-5 years of related experience in information technology and/or information security conducting risk assessments to identify security gaps, assessing controls, and providing recommendations and reporting to executive leadership.
- Fundamental understanding of computer networking (TCP/IP, DNS, Firewalls, Proxies, Routers, Switches, etc.)
- Knowledge of Windows and Linux operating systems and information security components
- Knowledge of cybersecurity technologies, including:
  - Asset Configuration Management
  - Intrusion Detection/Prevention Systems (IDS/IPS)
  - Security Information and Event Management (SIEM)
  - Security Vulnerability Scanning
  - Incident Response
- Certifications (preferred): CompTIA Security+, Network+, A+, CISSP, CEH
- US Citizenship status and DoD Secret clearance.
University - Bachelor's Degree/3-4 Year Degree