Perform certification of Security Control attestations and evaluate the implementation of controls to support the granting of an Authorization to Operate for a release of new infrastructure, services, applications and processes into Marriott's Production Environments. Leverage existing Security Engagement processes and documentation, in conjunction with security compliance tools, to determine control implementation status. Routinely process ITSM Release and Security Engagement Tasks to document the justification for all approvals. Routinely collaborate with multiple teams, both technical and business, to ensure Controls Assurance compliance. Understand, communicate, interpret and enforce Marriott International Policies and Security Standards throughout the Certification and Accreditation process. Understand and communicate Marriott International Security Control Objectives through familiarization with Marriott International Policies and Standards as well as Industry Best Practice Frameworks, including but not limited to NIST RMF, NIST CSF, PCI DSS, GDPR, MPLS, EU Privacy and ISO. Periodically prepare and provide status updates on Assurance engagements for reporting to the Senior Manager.
CANDIDATE PROFILE
Education and Experience
Required:
Bachelor's degree in Computer Science or a related field, or equivalent experience/certification
1-2 years of experience in Information Security and at least 1 year of experience in Control Assessment/Control Testing/Control Validation
Current and relevant information security certification, including but not limited to CISSP (Certified Information Systems Security Professional), (ISC)2 CGRC certification, ISACA, PCI QSA/ISA, ITIL, IS Certification & Accreditation Professional (ISCAP), GIAC Information Security Professional (GISP) or similar
Familiarity/experience with NIST RMF
Familiarity/experience with SDLC
Preferred:
Cloud computing certification such as AWS Solutions Architect Associate, Azure Administrator Associate or Google Associate Cloud Engineer
Understanding of software engineering concepts: GoF software design patterns, SOLID design principles (SRP, OCP, LSP, ISP and DIP) and design methods (Scrum, XP, Lean, Waterfall)
Additional Skills & Attributes
Strong oral and written communication skills
Ability to conduct independent security research
Basic understanding of cryptography concepts: hashing, signing, encryption, decryption, tokenization
Basic understanding of common application security controls such as WAF, RASP, intercepting proxies
Experience with some of the following tools and technologies: GitHub Advanced Security, Postman, Fortify SCA, Jenkins, Artifactory, SonarQube, Docker, JIRA, Confluence, Aqua CSP, Nessus Pro or
Basic understanding of network security concepts: DoS, DNS spoofing, ARP poisoning, firewalls, intrusion detection, segmentation
Basic understanding of Vulnerability and Patch Management practices
Basic understanding of endpoint security controls: EDR, vulnerability scanning agents, HIDS, FIM
Basic understanding of Agile Software Development Practices & DevOps
CORE WORK ACTIVITIES
Security Certification
Process Releases and Security Engagements assigned to Assurance
Review Security Engagement final documentation and verify that all required controls meet the security objectives and are in place
Review application architectures and implementation details for design flaws, incorrect security implementation and missing security controls
Work with other security team members to research and test complex security issues
Ensure applications are built according to enterprise security standards
Input datasets into security control tools such as SD Elements and compare datasets at intervals over time to identify changes/deficiencies
Security Accreditation
Provide detailed security documentation to developers, software engineers and technical personnel when necessary
Provide guidance and recommendations to software architects and engineers on how to correct code-related security flaws
Administrative
Participate in peer reviews of security assessments created by other team members.
Manage tickets and SLAs associated with security testing efforts
Maintain and contribute to the enterprise SSDLC standard
The pay range for this position is $33.94 to $53.46 per hour.
FLEX opportunities offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions and others.
Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid for candidates within a commuting distance to Bethesda MD.
Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.
Required Experience:
IC
Full-Time