ASSESSMENT ANALYST SKILLS, EXPERIENCE, AND JOB REQUIREMENTS
Updated: Aug 1, 2024 - Armed with a robust understanding of cyber security principles and the latest security technologies, the Assessment Analyst is a professional well-versed in network security and familiar with the OSI Model. This position offers the opportunity to apply advanced information security best practices across diverse focus areas, leveraging a suite of cyber security utilities and applications. Ideal candidates will hold Network+, CEH, and Security+ certifications, demonstrating their commitment to excellence in the rapidly evolving field of cyber security.
Summary of Assessment Analyst Knowledge and Qualifications on Resume
1. BS in Psychology with 3 years of Experience
- Experienced in leading and delivering A&A efforts for federal agencies.
- Experienced in conducting security control assessments, independently assessing NIST 800-53 security controls and documenting results.
- Experience in determining whether proper security controls are in place, based on NIST 800-53, and, if they are not, determining what risk this presents to the organization.
- Diverse technical background with Windows, Unix, legacy systems, databases, web servers/applications, cloud and virtualization environments
- Direct experience in System Security Plan (SSP) development
- Direct experience conducting or supporting NIST-based risk assessments
- Demonstrated success interfacing directly with system owners and executive management levels
- Demonstrable excellence in written and verbal communications (samples may be requested)
- Demonstrable experience in leading, mentoring, coaching, and training team members
- Demonstrable understanding of basic Information Technology (IT) concepts (such as networking, access control, and server functions), as well as cloud concepts
- Demonstrable understanding of privacy concepts as applied to security assessment, as outlined in Appendix J of NIST 800-53
2. BS in Education with 5 years of Experience
- Ability to obtain/retain a Top Secret/SCI clearance.
- Extensive knowledge of SOF and Conventional TTPs, JMET and UJTL.
- Excellent problem-solving skills and ability to implement new solutions in a timely manner.
- Excellent oral and written communication skills with demonstrated ability to conduct presentations in front of senior-level management and customers.
- Solid computer skills, including Microsoft Office Suite.
- Strong interpersonal skills and demonstrated ability to work across diverse groups of people and at all levels of an organization.
- Reside near or be willing to relocate to the vicinity of Fairbanks/Eielson Air Force Base, Alaska.
- Experience planning/executing large Joint/Combined exercises.
- Experience in planning/executing large exercises.
- Comprehensive knowledge of exercise design and conversant in Joint Fires, Air and Ground tactics, capabilities, and equipment.
- Experience working with constructive simulation and LVC-IA systems.
- Experience supporting live fire range operations for both direct fire and air-delivered munitions.
3. BS in Statistics with 2 years of Experience
- Knowledge of information security best practices in multiple focus areas.
- Knowledge and understanding of cyber security principles and concepts.
- Familiarity with cyber security utilities and applications.
- Experience with network security, topology, networking technologies, and an understanding of the OSI Model.
- Understanding of the trending security principles, techniques, and protocols.
- Excellent verbal and written communication skills.
- Motivated and self-disciplined, with strong problem-solving skills.
- Must possess a level of professionalism and diplomacy that will serve to build and maintain relationships throughout the course of the project and beyond.
- Excellent interpersonal skills that include the ability to effectively communicate verbally and in writing.
- Must possess strong problem-resolution / critical thinking skills.
- Must be flexible and work with a high level of initiative.
- Hold Network+, CEH, and Security+ certifications
- Strong computer skills in Adobe and Microsoft Office applications (Project, Visio, Word, Excel, PowerPoint)
4. BA in Business Administration with 4 years of Experience
- Experience drafting clear and concise products describing complex data and analysis
- Experience in generating reports, charts, and plots of distributions and trends, descriptive statistics, and complex statistical analysis
- Experience in working effectively in analytic teams
- Experience developing custom scripts, queries, or visualizations to support the analysis of IC data
- Understanding of descriptive statistics, regression, and classification models
- Experience conducting data extraction, parsing, manipulation, and analysis of larger volumes of data from various IC databases
- Experience designing IC solutions based on user requirements
- Knowledge of IC cloud services.
- Experience in drafting evaluation reports, using enterprise integration, and metrics
- Substantial demonstrated experience applying quantitative and qualitative analytic methods, including the design, development, and management of statistical models and enterprise-wide evaluations
- Knowledge of intelligence priority topics and the supporting intelligence information needs
5. BA in Sociology with 2 years of Experience
- Consulting experience performing FISMA-compliant security control assessments for Federal Government agencies.
- Experience performing FISMA-compliant security control assessments for Federal Government agencies
- Demonstrated experience with creating, revising, and reviewing System Security Plans (SSP), Security Assessment Plans (SAP), Plans of Action and Milestones (POA&M), and Security Assessment Reports (SAR) for low, moderate, and high systems.
- Proven success with communicating assessment results and progress to internal and external stakeholders.
- In-depth knowledge and experience applying the National Institute of Standards and Technology (NIST) Special Publications and FIPS as a framework for conducting A&A activities on federal IT systems.
- Contribute to staff development by providing mentoring and coaching support across the A&A team
- Develop training materials, examine SOPs, and develop evergreen processes for documents produced by the A&A team
- Prepare and deliver A&A presentations to senior staff members
- Applicants selected will be subject to a Public Trust background security investigation and may need to meet eligibility requirements for access to sensitive information.
- Experience with natural language processing tools and techniques.
6. BS in Data Science with 1 year of Experience
- Experience in executing the Risk Assessment Program within the Global Information Security function
- Experience in evaluating the proposed project scope to ensure baseline control requirements are communicated to delivery teams
- Experience in ensuring the execution of streamlined assessments on all delivery projects through close collaboration with delivery organizations and subject matter experts
- Experience in executing procedures to address findings including risk acceptance and management escalation based on the level of associated risk
- May support the maintenance of the IT risk management framework, which includes the risk register and facilitates the identification of key controls and key processes for testing controls
- Experience in executing procedures to report on assessment coverage
- Experience in educating partners on the principles of three lines of defense
- Experience in continually supporting organizational alignment and enabling focused execution
- Experience in supporting the administration of the JCI common controls framework to ensure relevant internal and external information security requirements are mapped to risks and adequately tested
- Experience in maintaining risk assessment program-related policy, standard, and procedure documentation to drive consistent, reliable, and repeatable assessment activities
7. BS in Economics with 3 years of Experience
- Professional Security Certification (CAP, CASP, CISSP, etc.)
- Experience with the Cyber Security Assessment and Management System (CSAM) is highly desired.
- Understanding of/experience in systems administration (Windows or Linux/Unix)
- Understanding of/experience in creating or maintaining security-related documentation
- Positive learning attitude (good team player) and tact with customers
- Ability to work under pressure and tight timelines for multiple projects with a positive attitude and flexibility
- Ability to work in a team setting with a willingness to learn
- Excellent presentation and verbal communication skills
- Excellent communication skills and the ability to create accurate written work products by following Job Aids and document templates.
- Experience in supporting the development and implementation of security awareness, training, and continuous improvement efforts
- Experience in direct customer-facing roles
- Basic SQL
- Basic Excel (Pivot Tables)
- Experience in QA/QC, Compliance or Risk Management
- Basic knowledge of lending regulations including ECOA and UDAP
8. BS in Computer Science with 4 years of Experience
- Demonstrated expertise and a track record in web, mobile, network, and system application penetration testing (Web, Mobile, API/Web Services)
- Experience using tools for firewall evasion and for abuse of IPSec VPN, Border Gateway Protocol, and GRE tunneling.
- Be an expert in penetration testing methodology
- Have experience in developing exploits and tooling from vulnerabilities, both pre- and post-exploitation.
- Should have experience with tools such as Burp Suite, Metasploit, Tenable, sqlmap, Nmap, and Scapy.
- Knowledge of OWASP Web and Mobile Top 10 vulnerabilities and identifying them.
- Be able to author and issue reports on application and system scans.
- Participate as a member of the PSIRT organization.
- Familiarity with Cloud infrastructure like AWS, Azure, GCP and SaaS Applications
- Should be able to think outside the box.
- Possess the ability to think and implement new attack approaches/vectors.
9. BS in Mathematics with 2 years of Experience
- Have IAT Level II Baseline Certification such as CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, and SSCP.
- Have a Certified Ethical Hacker (CEH) certification.
- Have a GIAC Certified Penetration Tester (GPEN) certification.
- Active TS/SCI (Top Secret/Sensitive Compartmented Information) clearance.
- Experience working with various data (network and system) technologies.
- Focused on penetration testing, information systems security, and software tool development.
- Excellent interpersonal, organization, writing, communicating, and briefing skills.
- Excellent analytical and problem-solving skills.
- Be able to maintain and contribute to the threat models
- Experience in automating security using Python or Java frameworks
10. BS in Information Systems with 3 years of Experience
- Can think laterally, is keen and proactive, and can work interactively with all stakeholders.
- Knowledge of the Financial Advice industry
- Have excellent stakeholder management skills
- Experience in business process and workflow design is critical
- Know the Financial Advice industry
- Have experience in developing organizational design and resourcing requirements
- Experience in merchant acquiring, preferably in application assessment
- A sound understanding of the mechanics of card payments, particularly acquiring
- A sound understanding of KYC principles
- Advanced Microsoft Office skills (Word, Excel, PowerPoint, and Outlook)
- An ability to embrace systems associated with merchant assessment and monitoring
- Excellent verbal and written communication
- Organized and able to meet deadlines.