90 applicants

Company

Valiant Solutions, LLC · 1 day ago

Security Compliance Engineer

United States

Full-time

Remote

Mid, Senior Level

$150K/yr - $164K/yr

5+ years exp

Maximize your interview chances

Cyber SecurityInformation Technology

Comp. & Benefits

No H1B

Security Clearance Required

Insider Connection @Valiant Solutions, LLC

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Provide security guidance for systems during the design and development of systems so the system achieves an ATO

Develop and improve security compliance and privacy documentation in support of system ATOs and their maintenance during on-going authorization

Collaborate with multiple security and infrastructure teams on the integration of security tooling and mechanisms

Perform detailed architecture and technical design reviews on the full stack for vendor solutions (example of some areas requiring detailed analysis):

Assess and document encryption standards for encryption at rest and in transit (what cipher sets are used? What type of encryption? etc)

Assess and document authentication mechanisms for all points in the system (Is MFA implemented at all authentication points? Is the MFA solution approved and compliant with NIST and agency standards?)

Assess and document session management and control for all layers of the system

Schedule and lead screen sharing sessions with the vendors to gain full understanding of the technology stack, document all security relevant information required for the architecture review, and create a full report for presentation to the CISO

Serves as the IT security POC (ISSO) for assigned systems to ensure agency information systems comply with FISMA OMB and agency Policies.

Oversee and manage relationships for assigned systems that may be contractor owned and contractor operated, ensuring vendors comply with agency security and privacy requirements.

Assist stakeholders with IT security related activities to ensure project deadlines are met.

Ensure security activities are implemented throughout the SDLC from beginning to end.

Ensure all systems are operated, maintained and disposed of IAW documented security policies and procedures including but not limited to Assessment & Authorization (A&A).

Support the development and maintenance of all security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.

Research assigned IT security systems to provide insight on IT security architectures and IT security recommendations for assigned systems.

Report, and respond to security incidents.

Assess vulnerabilities to ascertain if additional safeguards are needed and ensure systems are patched and security hardened at all levels of the “stack,” and monitor to see that vulnerabilities are re-mediated as appropriate.

Promote Information Security Awareness and provide training.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

AWSGCPAzureNIST 800-53Security certificationsNIST PoliciesFISMA ComplianceCICD pipelineNessus Tenable SecurityNetSparkerVulnerability managementMulti-factor authenticationConfiguration managementIncident AnalysisWeb application securityVirtualization securityHardening best practicesEncryptionRisk assessmentDocumentation improvement

Required

5+ years of experience in the IT security field

Bachelor's degree in Computer Science, Information Systems, Mathematics, Engineering, or related degree or an additional three (3) years of relevant experience

4+ years experience supporting A&A (NIST 800-53) and compliance activities

4+ years of hands-on technical experience as a System Architect or Security Engineer

Experience in reviewing 3rd party security assessment reports

Experience in cloud security technologies including but not limited to AWS, GCP, and Azure

Have detailed knowledge and experience with NIST Policies, Governance, Security Planning and Architecture, FISMA Compliance, RMF, Incident Analysis, and General Security Best Practices

Possess strong written and oral communication skills to support customers, internal stakeholders, peers, and public audiences

Ability to communicate, both written and orally, to both technical and non-technical stakeholders

Technical expertise with Nessus Tenable Security and NetSparker reports

Strong communication skills to interact with senior managers, junior staff, and business unit (non-technical) customers