• Senior Computer Security Analyst

    Job Locations US-DC-Washington DC
    Job ID
    # of Openings
    IT Security
    Work Authorization
    US Citizens, preferred
    Contract - W2
    Posted Date
  • Overview

    VariQ is seeking a Senior Computer Security Analyst to support the Commodity Futures Trading Commission. The ideal candidate will have experience in IT security controls assessments, serving as an IT Security Controls Assessor providing Assessment and Authorization (A&A) services in compliance with the Federal Information Security Management Act of 2002 (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).


    • Experience assessing Federal information systems’ compliance with the Federal Information Security Management Act (FISMA).
    • Experience conducting independent security control assessments in accordance with NIST SP 800-53, 800-53A, CNSSI 1253, and the Risk Management Framework (RMF) described in NIST SP 800-37.
    • Supporting security assessments of customer systems, services, and programs, as well as providing oversight to less experienced staff.
    • Analyzing customer processes and configurations to verify that previously identified flaws have been corrected, and documenting the results.
    • Developing approaches for industry-specific threat analyses, application-specific penetration tests, and the generation of vulnerability reports.
    • Ability to follow and comply with existing processes and procedures, and propose updates. 
    • Work with minimal supervision, set priorities, and give attention to detail and quality.
    • Demonstrate strong organizational and time-management skills: multitasking, working individually and with a team.


    Additional Information:

    • Location: Washington, DC
    • Available: ASAP
    • Security Clearance: none



    Responsibilities include some or all of the following:
    • Performing rigorous assessments of IT controls using industry-standard guidance and leading practices
    • Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrators
    • Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings
    • Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement
    • Professionally documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion
    • Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel
    • Planning and executing day-to-day activities of IT controls assessments individually and for the team
    • Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans
    • Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel


    Qualifications:

    • Demonstrates knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews.
    • Demonstrates a working knowledge of FISMA, NIST SP 800 series, FISMA/RMF, FISCAM, and other relevant federal information assurance laws, regulations, and guidance.


    VariQ is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.

