Experience:
Not specified
Employment Type:
Not Specified
Posted:
9/25/2019
Job Category:
Medical-Health Care
Industry:
Aerospace & Aeronautics
Sr Cyber Technologist I
Raytheon Company | Dulles, Virginia

Job Description

    Information Assurance Assessor

    Responsibilities

    Demonstrates knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews. Demonstrates a working knowledge of FISMA, NIST SP 800 series, FISCAM, and other relevant Federal information assurance laws, regulations, and guidance. Experience performing FISMA, OMB Circular A-123, or similar internal control assessments is nice to have. Experience remediating and implementing IT controls is beneficial. Experience testing or remediating some or all of the following IT controls topic areas is preferable. This position could be a G08 or G09 DOE.

    • Access and account management, including authorization, provisioning, recertification, and separation
    • Segregation of duties, including identifying and defining segregation of duties risks and conflicts, preventive and detective segregation of duties controls, and understanding the difference between segregation of duties and least privilege
    • Technical account management controls, such as password length, complexity, and expiration
    • Audit logging and monitoring, including generation of audit logs, use of audit log aggregation and analysis tools, and audit log monitoring and review
    • Configuration management, including configuration baseline concepts, baseline deviations, baseline maintenance, monitoring for ongoing compliance with a baseline, and industry-accepted baselines such as DISA STIGs and CIS benchmarks
    • Change management, including authorization, development, testing, and deployment of changes
    • Contingency planning, including backups, testing of backups, and alternate sites

    Qualifications
    Responsibilities include some or all of the following:

    • Performing rigorous assessments of IT controls using industry-standard guidance and leading practices
    • Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrators
    • Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings
    • Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgment
    • Professionally documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion
    • Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel
    • Planning and executing day-to-day activities of IT controls assessments individually and for the team
    • Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans
    • Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel
    This role supports client work contractually requiring a Public Trust clearance.

    Additional Requirements

    • This position requires successful completion of a background check and employment verification.
    The successful candidate must not be subject to employment restrictions from a former employer (such as a non-compete) that would prevent the candidate from performing the job responsibilities as described.

    Governance, Risk and Compliance Security Consulting Practice. You will provide our clients with guidance pertaining to security and privacy regulatory and industry standard requirements, security risk assessments, and GRC consulting. Looking for candidates that will:

    • Work with Federal (and potentially commercial) clients in the role of Independent Security Consultant and Assessor
    • Plan and perform security assessments by evaluating network and security technologies
    • Verify system, application or business security by performing security assessments, code reviews, configuration and network design reviews
    • Interview key stakeholders across the client organization to support security assessment
    • Support and guide information risk and security discussions with technical and non-technical groups
    • Analyze client security programs for maturity and performance relating to industry accepted best practices
    • Develop recommendations for remediating risk and compliance gaps
    • Evaluate information security risk for business environment controls and industry requirements
    • Provide client guidance for information security best practices
    • Follow standard methodologies for evaluating industry security controls based on formalized security frameworks
    • Execute in highly demanding, fast-paced environments with tight deadlines
    • Draft deliverable documentation to meet client security needs
    • Create security roadmaps for client security program development and improvement
    • Support GRC Practice and firm initiatives
    GRC Security Consultant & Assessor
    Requirements
    • BA/BS in information technology or related field preferred
    • 4 plus years of experience in security governance, risk assessments and regulatory/controls
    • Federal experience preferred
    • Experience with and understanding of industry security tools, including Splunk, RSA Archer, etc.
    • Experience at a professional consulting services firm a plus
    • Experience with the evolving security and privacy controls environment, regulatory landscape and risk management techniques, principles and practices
    • Must be able to assess clients against a wide variety of security and compliance frameworks (NIST (800-53, 800-37, 800-171, CSF), FISMA, FedRAMP, HIPAA, etc.)
    • Experience with the development and implementation of information security policies, standards and related procedures for security programs
    Preferred
    • A solid understanding of IT security technologies, including network and application security, firewalls, access management, and data protection
    • Strong written and verbal communication skills, including the ability to explain technical matters to a non-technical audience
    • Ability to clearly document assessment results
    • Ability to take a proactive approach in building, maintaining and expanding on client relationships
    • Knowledge of cloud security processes and technologies
    • Ability to work both independently and as part of a team
    • General understanding of federal contracting environment
    Certifications:
    Requires at least one of the following:
    • Security+
    • CISSP
    • CSIRC
    • CISA
    Required Education:
    Bachelor’s degree in Computer and Information Systems, Engineering, Science, or Mathematics with 6+ years’ concentration in an Information Assurance role or equivalent experience

    • Additional work experience may be considered in lieu of education
    • This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization.
    148610BR 148610

    Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.

    About Raytheon Company

    Raytheon Company is a technology and innovation leader specializing in defense, civil government and cybersecurity markets throughout the world. With a history of innovation spanning 92 years, Raytheon provides state-of-the-art electronics, mission systems integration and other capabilities in the areas of sensing; effects; and command, control, communications and intelligence systems; as well as a broad range of mission support services.

     