Remote Security SME

Summary

Join our team as a Security SME to support security assessment & authorization, continuous diagnostics and mitigation, vulnerability management, and maintain a secure cloud footprint.

Requirements

• Bachelor’s degree in related discipline
• 3 years with specialization in cloud technologies
• Must have at least 12 years of on-the-job experience
• Be able to work remotely but, be able to go on-site as requested and/or occasionally with potentially some form of post-pandemic cadence, on-site in Washington DC
• Understanding of IaaS and PaaS cloud services and experience employing them to design solutions to complex problems
• Knowledge and Experience with Cloud Architecture Design, Networking and Security, DevOps and CICD Pipelines, Migration
• Automation experience including CloudFormation and/or terraform to ensure repeatable, sustainable AWS infrastructure is effectively managed
• Strong analytical, task management, time management, and communication skills necessary for handling SA&A, CDM, and Vulnerability Management initiatives, tasks, and deadlines impacting the customer’s environment
• Ability to achieve ATO from scratch or leverage and build upon existing ATO in adherence to FISMA/FedRAMP controls and Federal security policies
• Ability to collaborate proactively with varied stakeholders for developing SA&A package documentation (Ex: Contingency Plans, System Security Plans, Privacy Impact Assessments, POA&Ms, etc.), reviewing, and revising for accuracy and quality
• Monitoring the remediation of critical, high, and medium findings and vulnerabilities
• Ability to research, analyze, correlate and present vulnerability data from a variety of tools including the analysis of multilevel security risks and problems
• Ability to configure, integrate, and implement 3rd party security solutions
• Effective technical writing skills. Experience writing Plans, SOPs, POA&Ms, policies, guidance, change management request, business cases, security incident reports, risk waivers, remediation action plans, and SA&A-required documentation
• Plan, organize, and execute multiple responsibilities to achieve assessment goals and provide technical leadership to move projects to completion
• Ensure deliverables are completed on time and of high-quality
• Must be able to see opportunities for improvement, take ownership, and closely work with varied team to drive improvement
• Proficient at prioritization, multi-tasking, and proactive in work responsibilities
• Hardworking and self-motivated, with the ability to work in team and individual settings
• Detail-oriented and able to stand behind the quality of the work
• Able to learn quickly on the job in a changing environment
• Can generate proficient documentation using the Microsoft Office suite
• Able to properly understand, interpret and communicate level of effort, define due dates, and meet deadlines
• Must be a US Citizen

Responsibilities

• Support architecting state of the art, automated, fault-tolerant, and scalable AWS environments adhering to AWS best practices in standard and GovCloud regions
• Support migrating infrastructure and system/application workloads to AWS Cloud including - Rehosting (Lift and Shift), Repurchasing, Refactoring/Re-architecting, Retiring, and Retaining
• Support institutionalizing DevOps methodology and creation, maintenance, and employment of automated CICD pipelines
• Works as or closely with the ISSO to respond to Information Security data calls, inquiries, and surveys. Provide proactive communications to stakeholders regarding status, issues, or questions
• Participates, conducts, and presents in security meetings, workgroups, or training events