Sr. Cloud Security Engineer (Remote)

About The Position

Requirements

• Bachelor's Degree in Cybersecurity/Information Technology Security or related field of study from an accredited college or university.
• 5+ years of specialized experience with hands-on skills in performing IT Application Security Assessments and specialized experience in Secure SDLC and Source Code Analysis (Manual &Tools) on Web-based Applications.
• CERTIFICATIONS (One or more required): Certified Secure Software Lifecycle Professional (CSSLP) Certified Cloud Security Professional (CCSP) Offensive Security Certified Professional (OSCP) EC-Council Certified Application Security Engineer (CASE) GIAC Certified Web Application Defender (GWEB) Azure Developer Associate Microsoft 365 Certified Security Administrator Associate Microsoft Certified Azure Security Engineer Associate
• Public Trust Investigation security clearance.
• Hands-on experience with Static and Dynamic Application Security Testing using tools like HP Fortify, HP WebInspect, HCL Appscan, Snyk, Checkmarx, Synopsys, and Veracode.
• Strong experience in Continuous Integration (CI) and Continuous Deployment (CD) practices.
• Proficiency implementing FISMA, NIST, OMB guidelines, and other Federal regulations and guidance.
• Experience interpreting and implementing FISMA/NIST requirements focused on the operational implementation and documentation of those requirements.
• Proficiency in manual code review with the ability to identify potential vulnerabilities and best coding practices.
• Expertise in application vulnerability and security assessments using various tools like Burp Suite Pro, OWASP Zap Proxy, DirBuster, Kali Linux, Metasploit Pro, Accunetix, Insight AppSec, GitLab, Coverity, Fortify, and GitHub Enterprise.
• Working knowledge of security controls for cloud-hosted environments, applications, and services.
• Prior experience in assessing application vulnerabilities and bugs in various applications.
• Prior experience creating security testing pipelines and test plans.
• Ability to implement and deploy an organization-wide Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities in development and production environments.
• Extensive experience in preparing test Plans, writing test Cases, test Execution and follow up remediation efforts.
• Familiarity with coding languages such as Java, .NET, Python, PHP, C++, C#.
• Effective communication and collaboration skills to work with cross-functional teams, business units, stakeholders, and IT professionals, and brief executives.
• Must be a US Citizen and be able to obtain Public Trust Clearance.
• Must be able to pass a drug screening, criminal history, and credit checks.
• Must have lived in the United States for the past 5 years.
• Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members).

Nice To Haves

• Advanced degree in Cybersecurity or related field (desired).
• Secret Security clearance is preferred.

Responsibilities

• Responsible for the application security function and for information technology security (Cybersecurity/InfoSec) engineering, and design and serves as a technical expert authority.
• Solve significant problems complicated by interfaces and inter-relationships between and among programs, systems, functions, applications, and numerous critical issues for agency-wide information technology solutions, operations, and maintenance supporting the security of agency infrastructure, systems, and information.
• Manage and administer a wide range of security systems and tools: Administer and operate cloud-based security tools such as, Azure Security Center (Sentinel, Log Analytics, Azure WAF, Defender for Identity, Privileged Identity Manager); Microsoft 365 Security Suite (Defender, Advanced Threat Protection, Cloud Application Security, Protection Portal); Microsoft Security and Compliance Center; Microsoft Endpoint Manager (Intune); multi-factor authentication (MFA); web content filtering; and secure document sharing and collaboration solutions.
• Responsible for primary or alternate management of all IT Security systems including patch management, upgrades, integration engineering, and reporting.
• Manage security incident detection, response, remediation.
• Conduct cyber threat and vulnerability analysis and remediation.
• Develop security metrics and manage reporting and compliance.
• Serve as Incident Response Team member.
• Support operational implementation of FISMA/NIST standards and industry best practices.
• Manage IT Security awareness training program in coordination with the Learning Management team, to include developing and delivering IT Security awareness training modules.
• Manage Password Management system in coordination with Service Desk.
• Respond to IT Security trouble tickets generated by customers and IT staff.
• Identify solutions, work with customers and the team to execute solutions, and manage ticket input, updates, and resolution in the company’s ticketing system to maintain service level agreements.
• Support Security Operations and Engineering by providing technical solutions, support and expertise.
• Identify security risks and recommend risk mitigation strategies.
• Review new and existing systems to ensure baseline security requirements are met and to recommend security enhancements.
• Develop security architecture and technical solutions for security products.
• Develop and execute project plans to engineer, construct, deploy, and monitor/manage IT Security infrastructure solutions.
• Demonstrate in-depth understanding of security requirements associated with cloud- hosted environments, services, and solutions.
• Evaluate, recommend, and implement security controls associated with cloud-hosted environments, services, and solutions.