SME-Cloud Security, Expert

Title: SME--Cloud Security, Expert
Location: On-site Bethesda, MD
·       Job Type: Full-time (40 hours per week) with benefits.
·       Availability: immediate.
·       Security Clearance: TS/SCI with FS Polygraph.
·       Years of SCA Experience:
o   4 Years with a PhD
o   6 Years with a master’s degree
o   8 years with a BS degree
Job Description
Cloud Security SME (ISSE/ISSO)
 
•       A successful candidate will work with others on the program security team to provide for all aspects of security including but not limited to the following:
•       Work with others on the program security team to provide for all aspects of security including but not limited to the following Activities:
•       Provide expert-level knowledge, both in context and execution, with the Risk Management Framework to support a NIST SP 800-53 HHM systems through the A&A process.
•       Construct thorough and complete security documentation to include, but not limited to, System Security Plans (SSPs), Plans of Actions and Milestones (POA&Ms), and any other artifacts to support the Body of Evidence (BOE) for the sponsor's approval.
•       Identify security controls and work with engineering, development, and testing staff to construct proper test plans and procedures.
•       Implement security audit reviews, verifying that the audit records are collected and reviewed.
•       Coordinate all security testing exercises, working with external assessment teams and technical staff.
•       Configure and support various AWS services to protect the security posture of the system
 
EDUCATION/EXPERIENCE:
•   Education: Bachelors (Computer engineering, Computer Science, Electrical Engineering, Information systems, Information Technology, Cybersecurity, or a closely related discipline)
 
Desired Skills:
•       Demonstrated strong technical skills and analytic abilities, as well as experience performing system security analysis and risk management.
•       Demonstrated experience with security in the Amazon Web Services environment.
•       Demonstrated experience performing complex technical tasks in pursuit of overall goals with minimal direction.
•       Demonstrated experience in translating an understanding of systems and applications into security test plans and performing hands-on security testing.
•       Demonstrated knowledge of risk management methodologies.
•       Demonstrated experience in analyzing test results and suggesting mitigations for security problems.
•       Demonstrated technical experiences with system configuration, development, and design, specifically in enterprise systems and hypervisors.
•       Demonstrated experience with Linux and virtual platforms.
•       Documented working experience with public and private information security groups and organizations.
•       Possesses experience with communicating vulnerability results and risk posture to senior executives.
Possess a broad knowledge of Information Security policies and guidance, as well as the ability to assist in researching, evaluating, and developing relevant security policies and guidance.