Security Assurance Analyst

SECURITY ASSURANCE ANALYST PORTLAND, OR CONTRACT OPPORTUNITY

As a leading IT managed services specialist with more than 12,000 associates worldwide, we rely on the personal relationships we build with our consultants and the clients who depend on them. Join the COMPUCOM Team!

DESCRIPTION OF PROJECT:
Security Assurance is tasked with enterprise-wide security assessments to baseline organizational assets, critical information systems, emerging technologies and remediation plans. The candidate in this position will analyze, develop and lead assessment efforts to provide management with a complete view of known vulnerabilities and associated risks.

The analyst will utilize in-depth knowledge and experience of NIST, DIACAP and Risk Management Frameworks RMF 800-37 to complete detailed assessment including POA&M and Security Assessment Report SAR deliverables. The information Security Assurance Analyst will perform Information Security Testing to baseline organizational security posture and develop remediation plans to reduce risk to the organization.

The Analyst will provide expert analysis and guidance of remediation efforts and recommend strategies to address deficiencies and implement process to administer and streamline. This project will include the current assessment criteria, organizational security policy and standard requirements, plan testing objectives, and complete assessment plan.

Desired Deliverables:
Security Assessment Testing methodology, Security Testing Project Plan, Control Testing Plan, Security Assessment Report SAR, Plan of Action and Milestones POA&M.

REQUIRED SKILLS:

- Comprehensive knowledge of security testing at all layers (network, applications, OS, etc.) and the NIST frameworks
- Hands-on experience with vulnerability scanners (eg, IP360), configuration management scanners (eg, CCM), SIEM products (eg, QRadar)
- Thorough understanding of network security, application security, end-point protection, cryptography, etc.
- Ideally 8 or more years of relevant experience
- Implementation and Security Assessment of the following frameworks and standards: NIST SP 800-37 C&A and RM, 800-39, 800-100 standards, DIACAP Certification and Accreditation, Vulnerability and Risk Assessment process and procedures
- Experience with penetration testing, network mapping and vulnerability management tools
- Experience in the generation of management reports and technical remediation plans to address infrastructure concern
- Written and verbal communication skills including familiarity with report writing, audit/assessment documentation, remediation plans, policies/procedures, etc.
- Bachelor's Degree preferred

Shift: 8-5 or 7-4/no overtime.

*CompuCom supports Employment Equity and Diversity*Dallas-based CompuCom Systems, Inc. is a leading provider of end-user enablement, service experience management, and cloud technology services to Fortune 1000 companies. CompuCom partners with enterprises to develop smarter ways they can work, grow and produce value for their business. Founded in 1987, privately held CompuCom has approximately 11,500 associates and supports more than 4 million end users in North America. For more information, visit the website.