| CLEARANCE |
Public Trust *
* Must have continuously resided in the U.S. over the last three (3) years. |
| WORK LOCATION |
Remote |
| TRAVEL |
None |
| JOB DESCRIPTION |
As a Cybersecurity Risk Assessor, Level-1, you will be part of a large program team responsible for the integration, optimization, security, and compliance of a government agency’s public-facing marketplace. The marketplace, primarily hosted on AWS, is a complex system that integrates numerous new and existing applications, services, and systems. This role will support the assessment and management of cybersecurity risks, ensuring that all systems are protected from unauthorized access and align with agency-specific policies and standards. Working closely with internal teams and third-party contractors, you will assist in the design, implementation, and enforcement of security procedures and risk management processes that safeguard the marketplace and its underlying infrastructure. The position requires collaboration with the user community to identify security needs and ensure that proper procedures are in place for maintaining a secure environment.
You will apply foundational knowledge of cybersecurity principles to analyze and evaluate security risks, assisting in the development of secure systems and ensuring that all necessary security controls are in place. As a Level-1 assessor, you will receive supervision and mentorship as you gain hands-on experience in assessing cybersecurity risks and implementing security policies within an enterprise cloud-based environment. |
| Job Duties |
Security Risk Assessment & Vulnerability Management for Integrated Systems
- Assist in assessing security risks for third-party systems integrated into the marketplace.
- Identify vulnerabilities and help implement mitigation strategies for new integrations.
- Review third-party systems for compliance with security standards before marketplace deployment.
- Conduct security risk assessments for all new integrations and updates to existing systems.
Security Policy Implementation and Compliance for Integrated Systems
- Support the implementation of security policies for integrated systems to ensure compliance.
- Ensure that security measures are integrated into systems before deployment.
- Help maintain security procedures for protecting marketplace systems.
- Assist with compliance checks on integrated systems to meet security standards.
Integration-Specific Security Monitoring & Collaboration
- Work with integration teams and third-party vendors to ensure security is embedded during system integration.
- Assist in coordinating security testing for integrated systems.
- Help address security risks during integration and deployment with internal teams and contractors.
User & Stakeholder Communication Regarding Security for Integrated Systems
- Communicate security requirements to internal teams and contractors involved in integration.
- Provide training on security best practices for integration teams.
- Help explain security risks to stakeholders to ensure understanding and compliance.
Security Documentation & Reporting for Integrated Systems
- Assist in documenting security requirements and integration procedures.
- Help create security reports summarizing the status of integrated systems and risks.
- Ensure that integration documentation includes necessary security assessments and mitigation actions.
Incident Response & Security Monitoring for Integrated Systems
- Assist in responding to security incidents involving integrated systems.
- Monitor integrated systems for potential security issues post-integration.
- Contribute to incident documentation and corrective action plans for integrated systems.
Ongoing Security Improvement for Integrated Systems
- Continuously monitor the security of integrated systems to ensure ongoing protection.
- Recommend improvements to security processes and technologies for integrated systems.
Vendor and Third-Party Security Management
- Collaborate with vendors to ensure their systems meet agency security standards before integration.
- Help assess vendor security practices and ensure compliance before deployment.
|
QUALIFICATIONS
Experience: |
Minimum Years of Experience:
- Relevant Job Experience Required: 1.5 years
- Overall IT Experience Required: 3 years.
Technical Skills and Experience:
Must-Have:
- Foundational understanding of cybersecurity principles and best practices.
- Experience with security risk assessments and vulnerability management.
- Familiarity with cloud environments (AWS, Azure) and security controls for cloud-based systems.
- Understanding of domain structures, user authentication, and digital signatures.
- Knowledge of firewall configuration, VPNs, and other security tools.
- Experience with system integration and ensuring secure communication between multiple systems.
- Strong communication skills, including the ability to articulate security issues to non-technical stakeholders.
- Ability to prioritize security concerns based on business needs and technical risks.
- Understanding of common cybersecurity frameworks (e.g., NIST, ISO 27001, FISMA).
- Ability to work collaboratively in cross-functional teams, including with third-party contractors.
- Basic knowledge of incident response procedures and security breach remediation.
- Ability to assist in the creation of security documentation, including policies and risk assessments.
- Strong attention to detail and ability to follow established procedures.
- Ability to maintain compliance with agency-specific security and regulatory requirements.
- Familiarity with security compliance tools and reporting mechanisms.
- Basic understanding of encryption and data protection protocols.
|
|
Education
|
- Bachelor’s degree in computer science, software engineering or other equally relevant field.
|
|
Certification(s)
|
Required:
- CompTIA Security+ (or equivalent)
Preferred or Need to Obtain One w/in 1st Year:
- Certified Information Systems Security Professional (CISSP)
- AWS Certified Security – Specialty
|
| Core Values |
We are seeking someone who embodies the following professional attributes and values:
- Integrity and Accountability: Someone with a principled character and who consistently demonstrates honesty, integrity, and accountability in their work, and who takes responsibility for their actions and upholds high ethical standards.
- Respect and Diversity: Someone who sincerely treats others with dignity, civility, consideration, and fairness, and genuinely values how different perspectives and experiences have the ability to enhance and foster an inclusive work environment.
- Effective Communication and Interpersonal Skills: We are seeking someone who consistently communicates both verbally and in writing in a clear, professional, and timely manner, ensuring accuracy and completeness with every message. Strong interpersonal skills are essential, as the ideal candidate will project a courteous and approachable demeanor, fostering positive relationships and promoting a collaborative work environment. The ability to engage with colleagues and stakeholders effectively is key to success in this role.
- Performance Excellence and Continuous Improvement: You are expected to consistently deliver quality work and work products, maintaining high standards, taking initiative, recognizing that excellence is achieved by focusing on quality, efficiency, critical thinking, proactive problem-solving. Additionally, you are expected to regularly assess your own performance and skills, seeking opportunities for improvement through professional development, constructive feedback, introspection, and acquiring new knowledge. By embracing continuous improvement, you ensure your contributions remain impactful and help foster a culture of growth and innovation.
|
