Job Description
This is a direct hire position with our client, requiring 1-2 days/week onsite at the federal customer's location in Camp Springs, MD.
Responsibilities Include:
- Develop and update the information system security documentation (e.g., Security Plan, Contingency Plan, Contingency Plan Test, Business Impact Analysis, FIPS-199, eAuthentication, Privacy Threshold Analysis, etc.)
- Ensure systems are appropriately patched and hardened.
- Coordinate the remediation of Plan of Action and Milestones (POA&M) with various groups.
- Facilitate and support the Ongoing Authorization Program.
- Effectively communicate technical information to non-technical personnel.
- Conduct ISSO responsibilities to include the approval of change requests, review of audit logs, review of system accounts, and analysis of vulnerability scans.
- Develop waivers & exceptions for information system vulnerabilities.
- Work with clients to develop capabilities, briefings, and presentations.
- Provide security recommendations to the Risk Management Branch Chief.
- Must be a US Citizen able to obtain an agency-specific suitability / public trust clearance prior to starting.
- Must reside within a commutable distance to our client's location in Camp Springs, MD in order to work a hybrid onsite schedule (1-2 days/week onsite).
- Active CASP, GSEC, GSLC, CISSP, CEH, CISM, CISA, or comparable certification.
- Active AWS, Azure or Google Cloud Certification.
- Prior experience leading systems through the FedRAMP ATO process.
- Bachelor's degree in Information Systems / Information Technology, Computer Science, Computer Engineering, Electrical Engineering, related field, or 4 years of relevant experience.
- 7+ years of total work experience with 4+ years of technical experience working with databases, computers, storage, and networks on one or more of the following platforms: AWS, MS Azure, Google Cloud Platform, VMware, or Oracle Cloud Platform.
- Experience with:
  - Applying cloud security concepts, requirements, design development, implementation, and integration for existing and new technology product offerings.
  - Cloud engineering, management, maintenance, or architecting with Kubernetes or OpenShift, Ansible, and Terraform.
  - Working with core services, networking, security groups, or policy management in relation to Cloud resources across multiple operating systems.
  - Using Agile or DevOps methodologies for designing, developing, or delivering using appropriate automation techniques and tools.
  - Systems Administration in Linux/Unix (Ubuntu, CentOS, RedHat, Solaris, etc.).
  - Networking (TCP/IP, DNS).
  - Troubleshooting / Support for technical IT issues.
  - Performing risk analysis of FedRAMP tools and services.
- Extensive understanding of Cloud Computing technologies and migration challenges.
- Strong knowledge of best practice Cybersecurity and threat-based Cybersecurity frameworks and trends.
- Knowledge of security tools, security architecture, and NIST security standards and compliance measurements.
- Experience in the application of FISMA guidelines including the NIST Special Publications 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, 800-60, and 800-137.
- Understanding of the NIST Supplemental guidance for Ongoing Authorization.
- Excellent oral and written communication skills for contact with customers via calls, chats, and email.
- Experience with container and serverless technologies (e.g., AWS Lambda, Google Cloud Functions, Azure Functions).
- Experience developing DevOps methodologies by using orchestration tools (e.g., Chef, Ansible).
- Engineering/architecture experience with systems in the cloud; specifically, AWS, Google, or Azure.
- Experience with Agile development practices.
- Ability to develop scripts or dashboards.
- Experience with CI/CD deployment pipelines (e.g., Jenkins, Ansible, Terraform).
- Experience with programming languages (e.g., Python, Java).
- Ability to provide security recommendations during the change management process.
- Extensive knowledge of Fortify, Twistlock, Nessus, DBProtect, and WebInspect vulnerability scanners.