Job title: Senior Penetration Tester
Company: Mayvin
Job description: Senior Penetration Tester

Job Details
- Job Location: Washington, DC
- Remote Type: Hybrid
- Position Type: Full Time
- Education Level: 4 Year Degree
- Travel Percentage: Up to 25%
- Job Shift: Day
- Job Category: Professional Services

Mayvin is currently seeking a Security Control Assessor to provide support to the Cybersecurity and Compliance initiative in the Department of Homeland Security's Countering Weapons of Mass Destruction Office (DHS CWMD). The scope of this initiative encompasses a variety of information security expertise: Security Control Assessors as described here, as well as Penetration Testers, Software Security analysis, CDM / vulnerability management, and IT Governance work in Data Management, Enterprise Architecture, and IT Investment. Support will primarily benefit CWMD's Systems Support Directorate (SSD). The agency's main work is to develop and/or acquire CBRN detection equipment through the DHS acquisition process and deploy that equipment to DHS's front-line operators to alert them of the presence of chemical, biological, radiological, or nuclear weapons or materials present in the people, vehicles, or cargo entering the country.

Must be a U.S. Citizen.
Active SECRET clearance, ability to pass DHS background investigation.

Responsibilities:
- Conduct information system security control assessments in order to evaluate the design, implementation and operational effectiveness of security controls for CWMD information systems in accordance with NIST SP 800-53.
- Create assessment plans outlining the scope, objectives, schedule and methods used for assessing information system security controls, ensuring compliance with NIST, DHS, CISA and CWMD frameworks.
- Analyze findings from assessments to determine the overall risk posture of systems and recommend remediation actions to mitigate identified vulnerabilities. Collaborate with stakeholders to prioritize and provide actionable recommendations.
- Document the assessment using the DHS CSAM or other appropriate tools. Ensure documentation supports federal audit readiness.
- Prepare security assessment reports that detail the status and effectiveness of security controls and deviations from baseline requirements, and provide actionable insights to system owners, stakeholders, and CWMD leadership.
- Work closely with system owners, system security personnel, and other stakeholders to provide guidance on security control implementation, continuous monitoring, and the development of risk-based plans of action and milestones (POA&Ms).
- Provide cybersecurity expertise throughout the RMF lifecycle and represent CWMD cybersecurity leadership where necessary.
- Ensure that systems comply with applicable guidance as part of the overall system authorization process (e.g., RMF), helping to maintain an authority to operate (ATO).
- Correspond with the program management office to correct deficiencies.
Qualifications:
- Minimum of 12 years of directly related experience with a Bachelor’s degree (or 10 with a Master’s degree)
- Highly skilled cybersecurity professional with a keen understanding of technology including but not limited to application, databases, networking, containerization, cloud architecture, and artificial intelligence to support adequate security and remediation planning activities.
- Experience in vulnerability, application and database security assessment, scanning and results interpretation.
- Deep understanding of cloud security principles, including identity and access management, data protection, and incident response, and proficiency in AWS services such as EC2, S3, RDS, Lambda, and IAM.
- CISA High Value Asset Assessment Lead certified within 6 months.
- Strong working knowledge of CIS 2.0 and the AWS Well-Architected Framework (Security Pillar).
- Experience using DHS (DOJ) Cyber Security Assessment and Management (CSAM) or other federal government GRC tools (e.g., DoD Enterprise Mission Assurance Support Service (eMASS), Xacta) to manage the assessment and authorization (A&A) lifecycle.
- Understanding of CI/CD tools and processes, including tools such as Jenkins, GitLab CI, and CircleCI.
- Skills in monitoring and ensuring compliance with security standards and regulations within CI/CD and DevSecOps environments.
- Knowledge of specific security controls for AI systems, including data protection, model integrity, and algorithm security.
- Strong communication, organizational, analytical, and problem-solving skills
- Ability to support and manage multiple concurrent projects with shifting priorities in a fast-paced, deadline-driven environment
- Strong organizational skills
- Ability to work with a variety of colleagues with varying levels of experience
- Ability to work in a team environment
- Mastery in use of personal computers with extensive experience using Microsoft Office Suite; familiarity with web-based applications including Microsoft Teams a plus
About Mayvin: Mayvin offers our employees an innovative culture, excellent benefits and amenities, an inclusive work environment, ongoing career development, and recognition and rewards to honor hard work. Most importantly, our employees have a voice and are heard; we treat our employees with unwavering dignity and respect. Mayvin is dedicated to protecting the interests of the United States. We made a commitment to deliver unparalleled service to serve the interests of national security. Come join us in tackling our nation's hardest problems in a place where #PeopleMatter #ReimagineYourMission.
Expected salary:
Location: Washington DC
Job date: Sat, 26 Oct 2024 04:40:53 GMT