Cyber Security Risk Assessor with Security Clearance
Marathon TS Inc
2024-11-08 12:40:37
Silver Spring, Maryland, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Marathon TS is seeking a Cyber Security Risk Assessor to support a federal client in McLean, VA. As a Cybersecurity Risk Assessor, Level-1, you will be part of a large program team responsible for the integration, optimization, security, and compliance of a government agency's public-facing marketplace. The marketplace, primarily hosted on AWS, is a complex system that integrates numerous new and existing applications, services, and systems. This role will support the assessment and management of cybersecurity risks, ensuring that all systems are protected from unauthorized access and align with agency-specific policies and standards.

Working closely with internal teams and third-party contractors, you will assist in the design, implementation, and enforcement of security procedures and risk management processes that safeguard the marketplace and its underlying infrastructure. The position requires collaboration with the user community to identify security needs and ensure that proper procedures are in place for maintaining a secure environment. You will apply foundational knowledge of cybersecurity principles to analyze and evaluate security risks, assisting in the development of secure systems and ensuring that all necessary security controls are in place. As a Level-1 assessor, you will receive supervision and mentorship as you gain hands-on experience in assessing cybersecurity risks and implementing security policies within an enterprise cloud-based environment.

Job Duties:

Security Risk Assessment & Vulnerability Management for Integrated Systems
- Assist in assessing security risks for third-party systems integrated into the marketplace.
- Identify vulnerabilities and help implement mitigation strategies for new integrations.
- Review third-party systems for compliance with security standards before marketplace deployment.
- Conduct security risk assessments for all new integrations and updates to existing systems.

Security Policy Implementation and Compliance for Integrated Systems
- Support the implementation of security policies for integrated systems to ensure compliance.
- Ensure that security measures are integrated into systems before deployment.
- Help maintain security procedures for protecting marketplace systems.
- Assist with compliance checks on integrated systems to meet security standards.

Integration-Specific Security Monitoring & Collaboration
- Work with integration teams and third-party vendors to ensure security is embedded during system integration.
- Assist in coordinating security testing for integrated systems.
- Help address security risks during integration and deployment with internal teams and contractors.

User & Stakeholder Communication Regarding Security for Integrated Systems
- Communicate security requirements to internal teams and contractors involved in integration.
- Provide training on security best practices for integration teams.
- Help explain security risks to stakeholders to ensure understanding and compliance.

Security Documentation & Reporting for Integrated Systems
- Assist in documenting security requirements and integration procedures.
- Help create security reports summarizing the status of integrated systems and risks.
- Ensure that integration documentation includes necessary security assessments and mitigation actions.

Incident Response & Security Monitoring for Integrated Systems
- Assist in responding to security incidents involving integrated systems.
- Monitor integrated systems for potential security issues post-integration.
- Contribute to incident documentation and corrective action plans for integrated systems.

Ongoing Security Improvement for Integrated Systems
- Continuously monitor the security of integrated systems to ensure ongoing protection.
- Recommend improvements to security processes and technologies for integrated systems.

Vendor and Third-Party Security Management
- Collaborate with vendors to ensure their systems meet agency security standards before integration.
- Help assess vendor security practices and ensure compliance before deployment.

Qualifications:

Minimum Years of Experience:
- Relevant Job Experience Required: 1.5 years
- Overall IT Experience Required: 3 years.

Technical Skills and Experience:

Must-Have:
- Foundational understanding of cybersecurity principles and best practices.
- Experience with security risk assessments and vulnerability management.
- Familiarity with cloud environments (AWS, Azure) and security controls for cloud-based systems.
- Understanding of domain structures, user authentication, and digital signatures.
- Knowledge of firewall configuration, VPNs, and other security tools.
- Experience with system integration and ensuring secure communication between multiple systems.
- Strong communication skills, including the ability to articulate security issues to non-technical stakeholders.
- Ability to prioritize security concerns based on business needs and technical risks.
- Understanding of common cybersecurity frameworks (e.g., NIST, ISO 27001, FISMA).
- Ability to work collaboratively in cross-functional teams, including with third-party contractors.
- Basic knowledge of incident response procedures and security breach remediation.
- Ability to assist in the creation of security documentation, including policies and risk assessments.
- Strong attention to detail and ability to follow established procedures.
- Ability to maintain compliance with agency-specific security and regulatory requirements.
- Familiarity with security compliance tools and reporting mechanisms.
- Basic understanding of encryption and data protection protocols.

Education:
- Bachelor's degree in computer science, software engineering or other equally relevant field.

Certifications:

Required:
- CompTIA Security (or equivalent)

Preferred or Need to Obtain One w/in 1st Year:
- Certified Information Systems Security Professional (CISSP)
- AWS Certified Security - Specialty

Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").