Description
Please note - To be considered for this role you must possess a current and active TS/SCI clearance with Poly.
Responsibilities:
Seeking a strong cyber security engineer (CSE) or information security systems engineer (ISSE) to assist in establishing, coordinating, and maintaining our cloud service provider (CSP) cyber security posture and perform risk analysis within CLOUDworks Security.
CLOUDworks Security manages security assessments, security compliance, change management, and continuous monitoring responsibilities across 5 cloud service providers (Amazon Web Services, Google Cloud, Oracle Cloud, Microsoft Azure, and IBM Cloud) The position requires a healthy mix of technical and policy knowledge. Candidate shall understand and have experience implementing services to intelligence community standards like ICD 503, NIST Risk Management Framework and cloud technologies. Responsibilities include, but are not limited to the following:
Lead technical exchange meetings with cloud service provider to review cloud service architecture
Evaluate data flow and architecture diagrams of cloud services for compliance with security standards.
Assist with reviewing, maintaining, and ensuring all Assessment and Authorization (A&A) documentation, including Customer’s security plans, are complete, of high quality, and ready for authorization.
Assist with developing risk mitigation strategies, solutions, and recommendations through conducting and/or participating in holistic information security testing assessments.
Perform and provide the risk tradeoff analysis that weighs competing equities of cyber security compliance, cost, and mission needs.
Assist with developing, documenting, and assessing measures and metrics as they pertain to information security assessments and risk acceptance.
Provide guidance and recommendations concerning all aspects of the Commercial Cloud Enterprise (C2E) A&A, the functions of sub-processes, and the impact of changes when required.
Review Plan of Actions and Milestones (POA&Ms) to ensure programs are making progress in mitigation risk to system
Qualifications:
Must possess and maintain a TS/SCI clearance with a polygraph
BS 12-15, MS 10-13, PhD 8-10
A degree (or equivalent experience) in Computer Science, Information Systems, Engineering, Business, or a scientific or technical discipline.
Multiple years’ relevant experience (minimum 5 years, 10+ years is strongly desired) in cyber security with a passion to learn in a fast-paced environment
The ability to analyze systems, including forensically, for malware, misuse, and/or unauthorized activity.
Knowledge of investigation and analysis of all data sources, which may include Internet, Intelligence Community reporting, security events, firewall logs, forensic hard-drive images, and other data sources to identify malware, misuse, unauthorized activity or other cyber security related concerns.
Knowledge of computing design concepts and implementation.
Knowledge of network defense monitoring tools and systems
Self-starter mentality
Familiar with Amazon Web Services, Oracle Cloud, Google Cloud, IBM Cloud and Microsoft Azure cloud architecture or willingness to study independently to pick up expertise in one or many cloud vendors
Strong communication skills are required to engage with internal stakeholders and external stakeholders across intelligence community.
Ability to conduct TEMs with cloud service providers on cyber security topics.
Knowledge and experience of intelligence community security policies; relevant federal and private standards and requirements (e.g., ICD 503, CNSSI 1253, NIST SP 800-53)
Experience working with a federal information security program and collaborating with security control assessors (SCAs).
Ability to understand and convey threats and impact of threats related to the results of a security assessment.
Familiar with continuous monitoring requirements to include scan analysis for critical or high findings with common scan tools (e.g., Rapid 7, Nessus, Qualys).
Experience with creating, monitoring, and closing system or service Plans Actions and Milestone items (POA&Ms).
Experience with utilizing compliance tools to track assessment and authorization activities (e.g. Xacta 360, Risk Vision, RSA Archer).
Knowledge of common control provider concept within NIST Risk Management Framework.
Desired Qualifications:
Ability to provide technical cyber security guidance
Ability to convey technical information to non-technical individuals
Ability to create complex system designs, resolve engineering problems, and propose preventative strategies
Ability to work in a dynamic and challenging environment
EEO Statement
Arcfield proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active-Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.
|
