Job Description:
Position Title: Application/Data Security Assessor
Location: Chicago, IL.
Duration: LONG TERM

Dynamic Interactive Business Systems Inc. is looking for an Application/Data Security Assessor for its direct Client in Chicago, IL.

Responsibilities:

Familiar with OMB Circular A-130 and NIST requirements, particularly NIST SP 800-37 Revision 2 and SP 800-53 Revision 5
Able to plan, conduct, and document IT security testing in accordance with NIST SP 800-53A Revision 5
Facilitates and conducts Security Control Assessments (SCA) and possibly additional advanced-level Continuous Monitoring Activities within internally hosted and cloud-based environments
Ensures cyber security policies are adhered to and that required controls are implemented
Validates respective information system security plans to ensure NIST control requirements are met
Develops resultant SCA documentation, including but not limited to the Security Assessment Report
Initiates recommendations associated with the findings on how to improve the customer’s security posture in accordance with NIST controls
Reviews the controls that support the Requirements Traceability Matrix (RTM) and the details of the System Security Plan (SSP) to determine completeness and accuracy
Follows and abides by the SCA Standard Operating Procedure (SOP) that is provided by the client
Provides Security Assessment Results to meet client requirements and standards, which will include at a minimum the following documents: SAR, RTM, and a detailed technical results document as stipulated by the client upon Security Assessment completion
Assists with the interpretation and analysis of Security Assessment Results upon completion of each Security Assessment and/or as requested to assist with post-assessment questions, to assess the vulnerability and risk to the system and to the customer or other connected systems
Able to lead small, less complex system assessments independently
Able to assist team members with proper artifact collection to the client’s examples of artifacts that will satisfy assessment requirements
Able to test, analyze and interpret Security Assessment Results for all systems, including but not limited to the following platforms: Microsoft Server 2008/2012/Other, UNIX/Linux, Microsoft SQL Server, Oracle DBMS, Sybase DBMS, Windows 7, IIS, Mobile Device Management solutions, Routers/Switches/Firewalls, Printers/Faxes/Multi-Function Devices, .Net and Java custom-developed applications


Familiarity with the following tools is preferred, but is not required:
Archer GRC, Qualys, Tenable, CoreImpact, DbProtect, Nessus, IBM AppScan, Symantec Endpoint Protection, Symantec DLP, FireEye ATP, McAfee SIEM, McAfee IDS/IPS, ForeScout, MS Excel pivot tables.


Requirements:

Bachelor’s or Master’s Degree in IT Security
2+ years of security control assessment (SA&A) experience
Experience in performing IT security testing, IT control assessments/audits, and/or IT Security Testing and Evaluation (ST&E) preferred
Knowledge of Federal information security standards and methodologies preferred, including FISMA requirements, OMB standards and guidelines, and NIST Federal Information Processing Standards (FIPS) Publications and Special Publications (NIST FIPS 199, NIST FIPS 200, NIST SP 800-37, NIST SP 800-53/A, etc.)
Ability to apply information security principles to enterprise applications, operating systems, and networks
Excellent written and verbal communication skills
One or more of the following certifications is preferred: CISSP, CEH, CISA, CISM, CAP


Client: Direct Client Requirement

             
