Plan, Design, and Implement secure cloud strategies and policies that meet client, program, and federal guidelines.
Interface with clients, stakeholders and project lead to overlay and ensure security/compliance requirements are built alongside functional requirements.
Create, contribute, and maintain secure design patterns for existing and future projects
Manage several simultaneous projects from conception through implementation
Expertise in threat modeling and ability to articulate architectural and technology decisions rationale through compliance and risk-based assessments.
Interface with multiple teams to identify, correct, and implement compensating controls within focus areas of the enterprise.
Align business objectives to security and compliance requirements across multiple internal and external teams.
Utilize 7+ experience in creating secure cloud environments, 3+ years in defending enterprise environments, and 2+ years in threat modeling to guide decision-making processes.
Evaluate new technologies and recommend those security solutions that align with business needs
Work independently with minimal supervision, demonstrating a self-starter attitude.
Mentor and train other members on the team
Requirements:
BS or MS in Computer Science, Computer Engineering, Information Security or related field.
Strong understanding of IaaS, PaaS, SaaS
Strong Knowledge of security frameworks such as NIST 800-53, ISO 27001, and CIS Controls
Strong knowledge of cyber security principles, technologies and best practices
7+ years of experience in creating secure cloud environments following federal standards across multiple cloud service provider (AWS, Azure, GCP).
3+ years of experience defending enterprise environments.
Expertise in threat modeling and risk assessment methodologies.
Strong understanding of compliance frameworks and ability to make decisions based on both compliance and risk considerations.
Excellent communication skills to interface with multiple teams, stakeholders and senior leadership
Ability to serve as security subject matter expert who can explain complex topics to both technical and non-technical stakeholders
High level scripting language (Python, JavaScript, Go, Java)
Self-starter with the ability to work independently and take ownership of projects.
Strong understanding of the NIST 800-53 framework and control families
Preferred Qualifications:
Certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or Certified Information Security Manager (CISM).
Experience with a variety of cloud service providers (e.g., AWS, Azure, Google Cloud Platform). - Expert with industry-specific compliance requirements.
Knowledge of emerging cybersecurity trends and technologies.
Washington, District of Columbia