Job Description

GovCIO is a team of transformers\xe2\x80\x94people who are passionate about transforming government I.T. We believe in making a difference by developing digital strategies and delivering the technology-related innovation that improves governmental operations each day.

But we can\'t do it alone. We welcome and nurture an inclusive and diversified work culture. Because different backgrounds, experiences, abilities, and perspectives make us better decision-makers, problem solvers, and creators. We\'re changing the face of I.T. - from our diverse staff to the end-products we develop. And we\'re excited to expand our team. Are you ready to be a transformer?

Responsibilities

Designs and implements information assurance and security engineering systems with requirements of business continuity, operations security, cryptography, forensics, regulatory compliance, internal counter-espionage (insider threat detection and mitigation), physical security analysis (including facilities analysis, and security management). Assesses and mitigates system security threats and risks throughout the program life cycle. Validates system security requirements definition and analysis. Establishes system security designs. Implements security designs in hardware, software, data, and procedures. Verifies security requirements; performs system certification and accreditation planning and testing and liaison activities. Supports secure systems operations and maintenance.

• Craft, contribute to, assess, and recommend scalable, flexible, and resilient cloud architectures incorporating IT security and safeguarding requirements.
• Identify, evaluate, and recommend opportunities to apply innovative and emerging technologies, automate processes, continually improve quality and efficiency in engineering and enterprise audits, and implementing information assurance and cybersecurity in cloud solutions, and identify metrics for monitoring improvements.
• Responsible for software assurance, penetration testing with a range of automated tools, security patch management, secure cloud and hybrid engineering, and CDS
• Recommend, install, configure, operate, and maintain Government-approved IT security tools, RSA Archer and applications to support overall information assurance activities necessary to protect systems in client security environments.
• Develop, maintain and troubleshoot scripts to facilitate the integration and automation of security requirements throughout DevSecOps activities.
• Review and recommend improvements in audit sharing agreements, processes, and technologies between client and other federal agency systems.
• Work with the client to onboard data sources and fully configure the security information and event management (SIEM) or security event management (SEM) to meet enterprise security and governance requirements.

Collaborate with the client in developing repeatable information assurance and cybersecurity processes and provide engineering assistance to Security Control Assessors in support of Assessment and Authorization efforts. * Recommend, install, configure, operate, and maintain client-approved IT security tools and applications to support overall information assurance activities necessary to protect systems in the customer environments.

• Coordinate with teams across the enterprise on the migration of existing IT services to the cloud, including identifying security technical requirements and potential problems and issues, and participating in Agile software development teams.

Participate in network and system design to facilitate implementation of appropriate systems security policies. * Apply coding and testing standards, security testing tools (including \xe2\x80\x98fuzzing\xe2\x80\x99 static-analysis code scanning tools), and threat modeling.

Assist with leading technical discussions with stakeholders, help manage client expectations, and develop advanced Splunk reporting. * Ability to review cloud environments and submit a gap analysis report regarding risks, security vulnerabilities and Continuous Monitoring.

• Collaborate with system developers to discuss and review the Enterprise Audit (EA) strategy, requirements, and audit handling requirements.
• Develop/update and maintain system-specific audit review dashboards and reporting mechanisms.
• Identify and evaluate opportunities to apply innovative and emerging technologies, automate processes, continually improve the conduct and efficiency of client audit activities and Enterprise Audit compliance of systems and infrastructure, and identify metrics for monitoring improvements.
• Strong planning and organizational skills. Detail-oriented, decisive, and goal-oriented to consistently exceed objectives.

Required Qualifications

• Bachelor\'s with 8+ years (or commensurate experience)
• Active Top Secret clearance required and able to acquire DHS suitability
• Minimum of 5-8 years of security engineer experience.
• Previous experience (at least 4 years) with performing security engineering in a cloud environment, specifically supporting AWS.
• Experience with penetration testing using various automation tools, security patch management, secure cloud and hybrid engineering, and CDS
• Knowledge of IaaS, PaaS and SaaS architectures.
• Experience with Nessus, Tenable Security Center, Linux based systems, Splunk and Amazon Cloud.
• Strong familiarity with NIST 800-53 and FedRAMP requirements.
• Knowledge in the availability, scalability and efficiency of AWS Cloud Platform in order to engineer reliability into all cloud network and virtualization technologies.
• Ability to review and influence new and evolving design, architecture, standards, and methods for security infrastructures, vulnerabilities and networking at scale

GovCIO