Cloud Information Systems Security Specialist, Senior

Key Role:
Work with organizations throughout the systems engineering lifecycle and all phases of the Risk Management Framework (RMF). Assist the organizations with system security classification, system categorization, and proper selection of cybersecurity controls. Advise and assist component organizations in complying with security guidance in their cloud application environment, including ensuring compliance with all Security Technical Implementation Guides (STIGs) and Ports and Protocols guidance. Assist the information system owner with the development of RMF artifacts and the upload of all required artifacts and supporting documentation into eMASS for component Interim Authority To Operate (IATO) or Authority To Operate (ATO) packages. Analyze the design and building of technical solutions and processes, and test and deploy them, to improve the efficiency and security of client cloud migrations and ensure compliance with necessary laws, regulations, and industry standards. Select and operate security and compliance tools, leverage information security principles as they apply to cloud-hosted applications, provide industry knowledge of DevSecOps trends and tools, and use technical expertise to implement technical solutions in either AWS or Azure cloud environments.

Basic Qualifications:

  • 10 years of experience with developing Risk Management artifacts, including SSP, SAP, SAR, RAR, or POA&M
  • 5 years of experience with tools and capabilities for vulnerability assessments and compliance reporting, including eMASS, ACAS, CMRS, HBSS, STIGs, or SRGs
  • 2 years of experience with supporting cloud applications or performing the Risk Management process for cloud systems
  • Knowledge of cloud computing concepts and how security controls are applied to those cloud-based technologies, including architecture and networking, identity and access management, data protection, logging, detection, and response, and security controls for containers using tools such as Docker or Kubernetes
  • Knowledge of Information Assurance and Cybersecurity policies, procedures, and practices, including the RMF, FISCAM, and NIST SP 800-53
  • Ability to plan, test, and evaluate moderately complex operating systems, including Windows and Linux; database systems, including MS SQL; web applications; and networking hardware
  • TS/SCI clearance
  • BA or BS degree
  • DoD 8140 IAT III certification

Additional Qualifications:

  • Experience with Terraform preferred
  • Knowledge of Git and GitOps
  • Knowledge of using Infrastructure as Code (IaC) to deploy workloads and services
  • CEH, CASP+ CE, CCNP Security, CISA, CISSP, GCED, GCIH, AWS, or Azure certifications preferred

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
