Key Role:
Work with organizations throughout the systems engineering life cycle and all phases of the Risk Management Framework (RMF). Assist organizations with system security classification, system categorization, and proper selection of cybersecurity controls. Advise and assist component organizations in complying with security guidance in their cloud application environment, including ensuring compliance with all Security Technical Implementation Guides (STIGs) and Ports and Protocols guidance. Assist the information system owner with the development of RMF artifacts and the upload of all required artifacts and supporting documentation into the eMASS for component Interim Authority To Operate (IATO) or Authority To Operate (ATO) packages. Analyze the design and building of, test, and deploy technical solutions and processes to improve the efficiency and security of client cloud migrations and ensure compliance with necessary laws, regulations, and industry standards. Select and operate security and compliance tools, leverage information security principles as they apply to Cloud-hosted applications, provide industry knowledge of DevSecOps trends and tools, and use technical expertise to implement technical solutions in either AWS or Azure cloud environments.

Basic Qualifications:

• 10 years of experience with IT or Cybersecurity
• 3 years of experience with tools and capabilities for vulnerability assessments and compliance reporting
• 2 years of experience with supporting cloud applications or performing the Risk Management process for cloud systems
• Experience with developing Risk Management artifacts, including SSP, SAP, SAR, RAR, or POA&M
• Knowledge of cloud computing concepts and how security controls are applied to those cloud-based technologies, including architecture and networking, identity and access management, data protection, logging detection and response, and security controls for containers using tools such as Docker or Kubernetes
• Knowledge of Information Assurance and Cybersecurity policies, procedures, and practices, including the RMF, FISCAM and NIST SP 800-53
• Ability to plan, test, and evaluate moderately complex operating systems, including Windows and Linux, database systems, including MS SQL, web applications, and networking hardware
• Top Secret clearance
• HS diploma or GED

Additional Qualifications:

• Experience with Terraform preferred
• Knowledge of Git and GitOps
• Knowledge of using Infrastructure as Code (IaC) to deploy workloads and services
• DoD 8140 IAT II certification
• CEH, CASP+ CE, CCNP Security, CISA, CISSP, GCED, GCIH, AWS, or Azure certifications preferred

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Top Secret clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.