VariQ is seeking a Senior Computer Security Analyst supporting the Commodity Futures Trading Commission. The ideal candidate will have experience in IT security controls assessments, serving as an IT Security Controls Assessor providing Assessment and Authorization (A&A) services in compliance with the Federal Information Security Management Act of 2002 (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
• Experience assessing Federal information systems’ compliance with the Federal Information Security Management Act (FISMA).
• Experience conducting independent security control assessments in accordance with NIST SP 800-53, 800-53A, CNSSI 1253, and the Risk Management Framework (RMF) described in NIST SP 800-37.
• Supporting security assessments of customer systems, services, and programs, as well as providing oversight to less experienced staff.
• Analyzing customer processes and configurations to verify that previously identified flaws have been corrected, and document the results.
• Developing approaches for industry-specific threat analyses, application-specific penetration tests, and the generation of vulnerability reports.
• Ability to follow and comply with existing processes and procedures, and propose updates.
• Work with minimal supervision, set priorities, and give attention to detail and quality.
• Demonstrate strong organizational and time-management skills: multitasking, working individually and with a team.
ESSENTIAL JOB DUTIES:
Responsibilities include some or all of the following:
• Performing rigorous assessments of IT controls using industry-standard guidance and leading practices
• Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrators
• Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings
• Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement
• Professionally documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion
• Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel
• Planning and executing day-to-day activities of IT controls assessments individually and for the team
• Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans
• Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel
QUALIFICATIONS:
Demonstrates knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews. Demonstrates a working knowledge of FISMA, NIST SP 800 series, FISMA/RMF, FISCAM, and other relevant federal information assurance laws, regulations, and guidance.
VariQ is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.