Logo
Mayvin®

Mayvin® is hiring: Security Control Assessor in Washington

Mayvin®, Washington, DC, United States


Job Details

Job Location
Washington, DC

Remote Type
Hybrid

Position Type
Full Time

Education Level
4 Year Degree

Travel Percentage
Up to 25%

Job Shift
Day

Job Category
Professional Services

Mayvin is currently seeking a Security Control Assessor to provide support to the Cybersecurity and Compliance initiative in the Department Homeland Security's Countering Weapons of Mass Destruction Office (DHS CWMD). The scope of this initiative encompasses a variety of information security expertise: Security Control Assessors as described here, as well as Penetration Testers, Software Security analysis, CDM / vulnerability management, and IT Governance work in Data Management, Enterprise Architecture, and IT Investment. Support will primarily benefit CWMD's Systems Support Directorate (SSD). The agency's main work is to develop and/or acquire CBRN detection equipment through the DHS acquisition process and deploy that equipment to DHS's front-line operators to alert them of the presence of chemical, biological, radiological, or nuclear weapons or materials present in the people, vehicles, or cargo entering the country.

Must be a U.S. Citizen.

Active SECRET clearance, ability to pass DHS background investigation.

Responsibilities:
  • Conduct information system security control assessments in order to evaluate the design, implementation and operational effectiveness of security controls for CWMD information systems in accordance with NIST SP 800-53.
  • Create assessment plans outlining the scope, objectives, schedule and methods used for assessing information system security controls, ensuring compliance with NIST, DHS, CISA and CWMD frameworks.
  • Analyze findings from assessments to determine the overall risk posture of systems and recommend remediation actions to mitigate identified vulnerabilities. Collaborate with stakeholders to prioritize and provide actionable recommendations.
  • Document the assessment using the DHS CSAM or other appropriate tools. Ensure documentation supports federal audit readiness.
  • Prepare security assessment reports that detail the status and effectiveness of security controls and deviations from baseline requirements, and provide actionable insights to system owners, stakeholders, and CWMD leadership.
  • Work closely with system owners, system security personnel, and other stakeholders to provide guidance on security control implementation, continuous monitoring, and the development of risk-based plans of action and milestones (POA&Ms).
  • Provide cybersecurity expertise throughout the RMF lifecycle and represent CWMD cybersecurity leadership where necessary.
  • Ensure that systems comply with applicable guidance as part of the overall system authorization process (e.g., RMF), helping to maintain an authority to operate (ATO).
  • Correspondence with program management office to correct deficiencies.
Qualifications:
  • Minimum of 12 years of directly related experience with a Bachelor's degree (or 10 with a Master's degree)
  • Highly skilled cybersecurity professional with a keen understanding of technology including but not limited to application, databases, networking, containerization, cloud architecture, and artificial intelligence to support adequate security and remediation planning activities.
  • Experience in vulnerability Application and database security assessment, scanning and results interpretation.
  • Deep understanding of cloud security principles, including identity and access management, data protection, and incident response and proficiency in AWS services such as EC2, S3, RDS, Lambda, and IAM.
  • CISA High Value Asset Assessment Lead certified within 6 months.
  • Strong working knowledge of CIS 2.0 and the AWS Well Architected Framework (Security Pillar).
  • Experience using DHS (DOJ) Cyber Security Assessment and Management (CSAM) or other federal government GRC tools (e.g., DoD Enterprise Mission Assurance Support Service (eMASS), Xacta) to manage the assessment and authorization (A&A) lifecycle.
  • Understanding of CI/CD tools and processes, including tools such as Jenkins, GitLab CI, and CircleCI.
  • Skills in monitoring and ensuring compliance with security standards and regulations within CI/CD and DevSecOps environments.
  • Knowledge of specific security controls for AI systems, including data protection, model integrity, and algorithm security.
  • Strong communication, organizational, analytical, and problem-solving skills
  • Ability to support and manage multiple concurrent projects with shifting priorities in a fast-paced, deadline driven environment
  • Strong organizational skills
  • Ability to work with a variety of colleagues with varying levels of experience
  • Ability to work in a team environment
  • Mastery in use of personal computers with extensive experience using Microsoft Office Suite; familiarity with web-based applications including Microsoft Teams a plus


About Mayvin:

Mayvin offers our employees an innovative culture, excellent benefits and amenities, an inclusive work environment, ongoing career development, and recognition and rewards to honor hard work. Most importantly, our employees have a voice and are heard; we treat our employees with unwavering dignity and respect. Mayvin is dedicated to protecting the interests of the United States. We made a commitment to deliver unparalleled service to serve the interests of national security. Come join us in tackling our nation's hardest problems in a place where #PeopleMatter #ReimagineYourMission.