45 applicants

Company

Steampunk, Inc. · 18 hours ago

Cloud Security SME

McLean, VA

Full-time

Remote

Senior Level, Lead/Staff

$130K/yr - $190K/yr

8+ years exp

Maximize your interview chances

ConsultingInformation Technology

Growth Opportunities

No H1B

Security Clearance Required

Insider Connection @Steampunk, Inc.

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Identify and implement the most secure cloud-based solutions for the customer including components for zero-trust architectures, identity and access management policy, and data privacy

Understanding the needs of stakeholders and optimizing solutions that marry security with usability

Monitor cloud environments for suspicious activities with cloud native monitoring or SIEM solutions and investigate security incidents where appropriate

Ensure that systems are safe and secure against cybersecurity threats through risk assessment, threat modeling, and compliance with industry standards (e.g. NIST, ISO 27011, HIPPA, FISMA, etc.)

Automate security processes such as vulnerability management and patch management

Ensure effective design and implementation of data protection and encryption mechanisms for data at rest and in transit

Document as-is state of the environment, perform a gap analysis, and produce artifacts that articulate options and recommendations

Review and assess the security architecture of new systems, applications, and technologies to identify and mitigate potential risks.

Lead in the design and development of tools that automate compliance activities.

Recommend appropriate mitigation measures and advise on proper design trade-offs in terms of potential impacts and cost benefits.

Proactively create, monitor and update the status of POA&Ms to ensure weaknesses are resolved in accordance to their scheduled completion dates.

Review and update security authorization documents as needed, but at least annually;

Perform system self-assessments as part of the customer's Ongoing Authorization program;

Provide audit support for assigned systems (Financial, A-123, FISMA, internal, DHS, etc.), throughout the audit (Pre, During, and Post Audit).

Participate in DevOps Sec (security integrated into Agile processes) requirements for assigned systems.

Ensure CM processes are followed to ensure that any changes do not introduce new security risks.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Cloud SecurityAWSAzureGCPInformation AssuranceAgile EnvironmentRisk AssessmentThreat ModelingVulnerability ManagementData ProtectionSecurity TestingCompliance StandardsSecurity AuthorizationSecurity ClearanceInformation Security CertificationGap AnalysisCloud EngineeringFISMA ComplianceNIST GuidelinesNetwork SecurityApplication SecurityDatabase SecurityCollaboration SkillsDocumentation Skills

Required

Ability to obtain a U.S. government Security Clearance

BS Degree in an IT field OR BS in a non-IT field and 8 years related IT experience

8 Years of Experience supporting Information Assurance or Cloud Security programs

5 Years of Experience architecting, designing, developing, and implementing cloud solutions

5 Years of Experience with one or more clouds (i.e. AWS, Azure, or GCP)

5 Years of Experience with systems development in an Agile environment

3 Years of Experience providing conducting monitoring, risk assessment, threat modeling and security testing in cloud environments

3 Years of Experience documenting POAMs, SSPs, and A&A support documentation

Must possess a information security certification

Excellent written and verbal communication skills, interpersonal and collaborative skills

Experience with documenting an as-is state of the environment, perform a gap analysis, and produce artifacts that articulate options and recommendations

Extensive specialized knowledge of cloud engineering or application and design

Specialized knowledge and experience in evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines

Knowledge and experience with the vulnerability scanning execution, assessment, and analysis

Evaluating operating system and network engineering (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN])

Evaluating application security, database security, and network security

Supporting vulnerability scanning, assessment, and analysis

Leveraging federal information security regulation, standards, assurance principles (e.g., Defense-in-depth) and associated supporting technologies

Hands-on experience with AWS and Azure

Preferred

Able to commute to limited in person activities in the Washington, DC Metro area

Ability to possess a certification in at least two of the four CSPs: AWS, Azure, GCP, or OCI

Hands-on experience with GCP and OCI

Company

Steampunk, Inc.

Glassdoor

4.4

Change is here....Anchored by a startup culture and human-centered delivery approach, Steampunk puts our Federal government clients in the center of everything we design, develop, and deliver to drive game changing mission impacts and user experience.

Founded in 2019

Washington, District of Columbia, USA

201-500 employees