Cloud Security Specialist
Job Type: Permanent, Full-Time
Location: Hybrid; Virginia
Salary: Up to $160K
Looking for a Cloud Security Specialist to join a contract with a federal government client in support of an important mission. In this role, you will have the opportunity to work with a great team while supporting Customs and Border Protection.
The Cloud Security Specialist supports all Risk Management Framework (RMF) activities and leads the team in AWS Cloud Security understanding and operations. This includes the process managing security and privacy risk, including information system categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. This person also supports the security activities associated with evaluating, implementing, managing security practices and continued operations of new and existing technologies across the Enterprise. The Cloud Security Specialist will be an expert in AWS security and will identify holes, lead taskings, create and execute plans.
4+ Years developing and implementing security operations and technology in large, complex enterprises, across a wide range of technology platforms.
4+ Years on any Cloud Platform (AWS, Azure, Google, others).
1+ Years experience with AWS.
Familiar with Applying NIST and Federal IT Security best practices to Business Intelligence and data warehousing toolsets.
Experience creating all documentation related to ATO.
Deep hands-on experience leading the design, development, and deployment of business software at scale.
Experience with service-oriented architectures, private and public clouds, and web services security.
Strong skills in security principles such as least privilege access, defense in depth, preventative vs. detective controls, Infrastructure and Network Security, Data protection, and Incident response.
Professional experience and good technical knowledge of application security, system security, network security, authentication/authorization protocols, and cryptography.
Experience advising customers on industry standards such as PCI DSS, ISO 27xxx, SOC, HIPAA, GDPR, and NIST/DoD frameworks.
Experience with enterprise risk management methods and techniques to drive successful outcomes in a global enterprise environment.
Good understanding of Enterprise Networks, Security, and Identity Access Management.
Configuration management using CloudFormation and/or Chef/Puppet.
Experience with agile approaches and Experience in DevOps or DevSecOps and how they impact risk management and compliance.
Hands-on technical expertise in technology automation, implementation, integration, and/or deployment using scripting and/or IaaC.
Knowledge of professional software engineering practices & best practices for the full software development life cycle, including coding standards, code reviews, source control management, libraries building, build processes, testing, and operations.
Demonstrated ability to mentor other software developers to maintain architectural vision and software quality.
Experience taking a lead role in developing complex software systems that have successfully been delivered to customers.
Customer-facing skills and drive discussions with senior personnel regarding trade-offs, best practices, project management, and risk mitigation.
Strong verbal and written communication skills, with the ability to work effectively across internal and external organizations.