Sr Cyber Technologist I

Foreground Security - Dulles, VA

Full-time
Estimated: $94,000 - $120,000 a year
Information Assurance Assessor

Responsibilities
Demonstrates knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews. Demonstrates a working knowledge of FISMA, NIST SP 800 series, FISCAM, and other relevant Federal information assurance laws, regulations, and guidance. Experience performing FISMA, OMB Circular A-123, or similar internal control assessments is nice to have. Experience remediating and implementing IT controls is beneficial. Experience testing or remediating some or all of the following IT controls topic areas is preferable. This position could be a G08 or G09 DOE.

Access and account management, including authorization, provisioning, recertification, and separation
Segregation of duties, including identifying and defining segregation of duties risks and conflicts, preventive and detective segregation of duties controls, and understanding the difference between segregation of duties and least privilege
Technical account management controls, such as password length, complexity, and expiration
Audit logging and monitoring, including generation of audit logs, use of audit log aggregation and analysis tools, and audit log monitoring and review
Configuration management, including configuration baseline concepts, baseline deviations, baseline maintenance, monitoring for ongoing compliance with a baseline, and industry-accepted baselines such as DISA STIGs and CIS benchmarks
Change management, including authorization, development, testing, and deployment of changes
Contingency planning, including backups, testing of backups, and alternate sites

Qualifications

Responsibilities include some or all of the following:
Performing rigorous assessments of IT controls using industry-standard guidance and leading practices
Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrators
Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings
Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgment
Professionally documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion
Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel
Planning and executing day-to-day activities of IT controls assessments individually and for the team
Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans
Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel
This role supports client work contractually requiring a Public Trust clearance.

Additional Requirements

This position requires successful completion of a background check and employment verification.
The successful candidate must not be subject to employment restrictions from a former employer (such as a non-compete) that would prevent the candidate from performing the job responsibilities as described.

Governance, Risk and Compliance Security Consulting Practice. You will provide our clients with guidance pertaining to security and privacy regulatory and industry standard requirements, security risk assessments, and GRC consulting. Looking for candidates that will:

Work with Federal (and potentially commercial) clients in the role of Independent Security Consultant and Assessor
Plan and perform security assessments by evaluating network and security technologies
Verify system, application or business security by performing security assessments, code reviews, configuration and network design reviews
Interview key stakeholders across the client organization to support security assessment
Support and guide information risk and security discussions with technical and non-technical groups
Analyze client security programs for maturity and performance relating to industry accepted best practices
Develop recommendations for remediating risk and compliance gaps
Evaluate information security risk for business environment controls and industry requirements
Provide client guidance for information security best practices
Follow standard methodologies for evaluating industry security controls based on formalized security frameworks
Execute in highly demanding, fast-paced environments with tight deadlines
Draft deliverable documentation to meet client security needs
Create security roadmaps for client security program development and improvement
Support GRC Practice and firm initiatives
GRC Security Consultant & Assessor
Requirements

BA/BS in information technology or related field preferred
4 plus years of experience in security governance, risk assessments and regulatory/controls
Federal experience preferred
Experience with and understanding of industry security tools, including Splunk, RSA Archer, etc.
Experience at a professional consulting services firm a plus
Experience with the evolving security and privacy controls environment, regulatory landscape and risk management techniques, principles and practices
Must be able to assess clients against a wide variety of security and compliance frameworks (NIST (800-53, 800-37, 800-171, CSF), FISMA, FedRAMP, HIPAA, etc.)
Experience with the development and implementation of information security policies, standards and related procedures for security programs
Preferred

A solid understanding of IT security technologies, including network and application security, firewalls, access management, and data protection
Strong written and verbal communication skills, including the ability to explain technical matters to a non-technical audience
Ability to clearly document assessment results
Ability to take a proactive approach in building, maintaining and expanding on client relationships
Knowledge of cloud security processes and technologies
Ability to work both independently and as part of a team
General understanding of federal contracting environment

Certifications: Requires at least one of the following:
Security+
CISSP
CSIRC
CISA

Required Education:
  • Bachelor’s degree in Computer and Information Systems, Engineering, Science, or Mathematics with 6+ years’ concentration in an Information Assurance role or equivalent experience;
  • Additional work experience may be considered in lieu of education
This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization.
148610
Business Unit Profile
Raytheon Intelligence, Information and Services delivers innovative technology to make the world a safer place. Our expertise in cyber, analytics and automation allows us to reach beyond what others think is possible to underpin national security and give our global customers unique solutions to solve the most pressing modern challenges - from the cyber domain to automated operations, and from intelligent transportation and training solutions to creating clear insight from large volumes of data. IIS operates at nearly 550 sites in 80 countries, and is headquartered in Dulles, Virginia. The business area generated $6.2 billion in 2018 revenues. As a global business, our leaders must have the ability to understand, embrace and operate in a multicultural world - in the marketplace and the workplace. We strive to hire people who reflect our communities and embrace diversity and inclusion to advance our culture, develop our employees, and grow our business.
Relocation Eligible: No
Clearance Type: None / Not Required
Expertise: Cyber Jobs