Security Delivery Practitioner

About The Position

Requirements

• Bachelor’s degree with 3 years’ experience or 5 years’ work experience equivalent
• 3 years of experience in IT, cyber security, and/or CNO software development or security research
• 3 years of network experience (including at least 1 year of cloud experience) in large-scale global environment
• Experience working with Linux command line
• Experience with RMF workflow tools such as XACTA or eMASS
• Experience using the NIST Risk Management Framework processes
• Experience virus scanning and using auditing tools
• Experience with reviewing system and audit logs
• Experience using databases or spreadsheets to develop/maintain Plans of Action & Milestone (POA&Ms)
• Active DoD 8570 Information Assurance (IAM) Level I, (IAT) level II Certification
• Experience in TS/SCI information security requirements
• Must have an active TS/SCI with polygraph level clearance

Nice To Haves

• Experience controlling, labeling, and secure data transfer between information systems
• Excellent writing and communication skills
• Ability to communicate security solutions with development/engineering team

Responsibilities

• Perform, or review, technical security assessments of cloud computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies
• Validate and verify cloud system security requirements definitions and analysis, and establish secure cloud system designs
• Design, develop, implement, and/or integrate IA and security systems and system components specifically for cloud networking, computing, and enclave environments, including those with multiple enclaves and differing data protection/classification requirements
• Build IA into cloud systems deployed to operational environments
• Assist cloud architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of customer security policy and enterprise solutions within cloud environments
• Support the building of secure cloud architectures and enforces the design and implementation of trusted relations among external systems and cloud architectures
• Assess and mitigate cloud system security threats/risks throughout the program life cycle
• Contribute to the security planning, assessment, risk analysis, risk management, certification, and awareness activities for cloud system and networking operations
• Review certification and accreditation (C&A) documentation for cloud systems, providing feedback on completeness and compliance of its content
• Apply system security engineering expertise in one or more of the following to: cloud system security design process; engineering life cycle; information domain; cross-domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification; authentication; and authorization; cloud system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control); and security testing
• Support security authorization activities for cloud systems in compliance with NSA/CSS Information System Certification and Accreditation Process (NISCAP) and DoD Risk Management Framework (RMF), the NIST Risk Management Framework (RMF) process, and prescribed NSA/CSS business processes for security engineering.