Responsibilities:
- Plan, design, and implement secure cloud strategies and policies that meet client, program, and federal guidelines.
- Interface with clients, stakeholders and project lead to overlay and ensure security/compliance requirements are built alongside functional requirements.
- Create, contribute, and maintain secure design patterns for existing and future projects
- Manage several simultaneous projects from conception through implementation
- Expertise in threat modeling and ability to articulate the rationale for architectural and technology decisions through compliance and risk-based assessments.
- Interface with multiple teams to identify, correct, and implement compensating controls within focus areas of the enterprise.
- Align business objectives to security and compliance requirements across multiple internal and external teams.
- Utilize 7+ years of experience in creating secure cloud environments, 3+ years in defending enterprise environments, and 2+ years in threat modeling to guide decision-making processes.
- Evaluate new technologies and recommend those security solutions that align with business needs
- Work independently with minimal supervision, demonstrating a self-starter attitude.
- Mentor and train other members on the team
Requirements:
- BS or MS in Computer Science, Computer Engineering, Information Security or related field.
- Strong understanding of IaaS, PaaS, SaaS
- Strong knowledge of security frameworks such as NIST 800-53, ISO 27001, and CIS Controls
- Strong knowledge of cyber security principles, technologies and best practices
- 7+ years of experience in creating secure cloud environments following federal standards across multiple cloud service providers (AWS, Azure, GCP).
- 3+ years of experience defending enterprise environments.
- Expertise in threat modeling and risk assessment methodologies.
- Strong understanding of compliance frameworks and ability to make decisions based on both compliance and risk considerations.
- Excellent communication skills to interface with multiple teams, stakeholders and senior leadership
- Ability to serve as security subject matter expert who can explain complex topics to both technical and non-technical stakeholders
- High-level scripting language (Python, JavaScript, Go, Java)
- Self-starter with the ability to work independently and take ownership of projects.
- Strong understanding of the NIST 800-53 framework and control families
Preferred Qualifications:
- Certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or Certified Information Security Manager (CISM).
- Experience with a variety of cloud service providers (e.g., AWS, Azure, Google Cloud Platform).
- Expertise with industry-specific compliance requirements.
- Knowledge of emerging cybersecurity trends and technologies.