System Security Officer

About The Position

Requirements

• All candidates must pass public trust clearance through the U.S. Federal Government. This requires candidates to either be U.S. citizens or pass clearance through the Foreign National Government System which will require that candidates have lived within the United States for at least 3 out of the previous 5 years, have a valid and non-expired passport from their country of birth and appropriate VISA/work permit documentation.
• A Bachelor’s degree in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline. OR
• In lieu of a degree, 10 years of general information technology experience and at least 8 years of specialized experience may be substituted.
• Deep, practical knowledge of Salesforce security architecture, including Profiles vs Permission Sets, Permission Set Groups, Sharing Rules, Role Hierarchies, Record-Level Security, and Delegated Administration
• Experience performing security reviews of Salesforce metadata and application logic, including Apex, Flows, and Experience Cloud configurations
• Minimum of 8 years experience implementing security controls and monitoring compliance for systems, in accordance with federal system security and privacy regulations.
• Strong understanding of continuous automated security practices applied to data and application engineering teams.
• Demonstrated ability to manage end-to-end security processes, from requirements and configuration through monitoring, reporting, and closure.
• Proven hands-on management of user onboarding and offboarding processes, including provisioning, deprovisioning, least-privilege enforcement, privileged account management, and periodic reviews.
• Experience with designing security "baked-in" to any architecture: Cloud and IaC, Applications, Web application, Data Processing, Data Centric Applications, AI/ML, CICD Pipelines; seeks automation driven designs.
• Demonstrated work experience with computer networking, cryptography, security engineering and architecture, vulnerability assessments, or operating systems as required.
• Experience automating onboarding/offboarding workflows and building dashboards (Splunk, Jira, or equivalent) for visibility into access control, vulnerabilities, and compliance posture.
• Hands-on configuration and operation of security tools (Snyk, AppOmni, Tenable, Invicti, Splunk, AWS SecurityHub), including integration into CI/CD pipelines.
• Strong technical knowledge of Salesforce security best practices (roles, profiles, permission sets, OAuth/MFA, AppOmni).
• Practical experience embedding security into CI/CD pipelines (Copado, GitHub Actions, Jenkins, Terraform, Kubernetes).
• Demonstrated ability to lead and document Security Impact Analyses (SIAs) for proposed system and architecture changes.
• Experience with CI/CD, defining security decision gates and DevSecOps, including AWS Github Actions and Copado CI/CD
• Ability to assist customers and stakeholders with defining appropriate management processes (Responsible for documenting application criticality, privacy, and security impact analysis).
• Strong working knowledge of secure SDLC, SAST/DAST/IAST/OAST tools, with ability to both configure and interpret results.
• Strong understanding business security practices and procedures; knowledge of current security tools available; hardware/software security implementation; different communication protocols; encryption techniques/tools; familiarity with commercial products; and current Internet technology.
• Hands-on scripting and automation skills (Python, Bash, PowerShell, APIs).
• Excellent organizational, analytical, and problem-solving skills in a fast-paced DevSecOps environment.
• Strong communication skills to brief leadership and collaborate with technical/non-technical teams.
• Must possess strong analytical and problem-solving abilities; and strong critical-thinking skills in complex communication environments.
• Strong attention to detail. Required to manage/follow-through of multiple independent tasks, dependencies across intra/inter-project teams.
• Demonstrated ability to work independently and as part of a cross-functional team.
• Demonstrated ability employing SAFe Agile Responsibilities as a SSO and/or DevSecOps Engineer.
• Experience with Atlassian Jira & Confluence
• Excellent command of written and spoken English.

Nice To Haves

• Federal Government contracting work experience
• Highly preferred industry certification such as the CISSP, CISM, CRISC, CEH, GIAC, etc.
• Cloud Security & Automation certifications such as AWS Certified Security Specialty, AWS Solutions Architect, GIAC Cloud Security (GCSA), and CCSK/CCSP
• Highly preferred Salesforce or Developer certifications such as Administrator, Security & Privacy, Platform Developer
• Technical / Offensive Security certifications such as OSCP, GPEN, CEH, and GWAPT
• Experience with Security Information and Event Management (SIEM) systems (i.e Splunk); DevSecOps & CI/CD: Kubernetes Security (CKS), GitHub Advanced Security, or equivalent
• Demonstrated experience facilitating tabletop exercises and embedding lessons learned into continuous improvement cycles.
• Experience developing or customizing security automation scripts and compliance dashboards for ongoing reporting to leadership.
• Prior experience managing systems in AWS cloud environments, familiarity with AWS Tools and Services.
• Strong technical knowledge of AWS cloud security (IAM, GuardDuty, CloudTrail, Security Hub)
• Strong working knowledge of DISA STIGs, CIS Benchmarks, and other hardening standards and strong working knowledge of NIST RMF, NIST 800-53 Rev 5, and FedRAMP requirements.
• Experience maintaining and updating ATO documentation (SSPs, POA&Ms, IRPs, CMPs, PIAs, contingency plans).
• Experience with Government Agency Security Assessment Process in support of maintaining and/or establishing an ATO and the appropriate security boundary.

Responsibilities

• Lead Salesforce security reviews for new features and integrations, validating object-level, field-level, record-level access, sharing behaviors, and APIs before production releases
• Design and govern Salesforce access models using Profiles, Permission Sets, Permission Set Groups, Roles, Sharing Rules, and Delegated Administration, ensuring least-privilege and separation of duties
• Manage end-to-end vulnerability management lifecycle from detection to remediation and reporting. Drive identification of new attack vectors and implement automation-driven improvements; configure and operate security tools (Snyk, AppOmni, Tenable, Invicti, Splunk, SecurityHub), to ensure findings are triaged, prioritized, and remediated.
• Champion the integration of automated security testing into the CI/CD pipeline to align with continuous delivery practices. Integrate security controls into CI/CD pipelines (GitHub Actions, Jenkins, Copado, Terraform, Kubernetes).
• Build and maintain dashboards in Splunk, Jira, or equivalent tools to report on vulnerabilities, compliance, access reviews, and system posture.
• Lead Security Impact Analyses (SIAs) for proposed changes and facilitate the SIA process within Agile cadence, ensuring change reviews don't block delivery but still meet compliance.
• Lead incident response activities, from detection through remediation and post-mortem review; conduct log reviews (Splunk), to monitor systems for breaches, and ensure tuning of detection and alerting rules.
• Define, enforce, and lead least-privilege access models for Salesforce, CI/CD pipelines, AWS and infrastructure.
• Manage end-to-end user lifecycle: onboarding, offboarding, least-privilege enforcement, privileged access reviews, and IAM guardrail enforcement.
• Automate identity and access workflows wherever possible and integrate continuous access reviews with reporting dashboards.
• Develop automation (Python, Bash, PowerShell, APIs) for onboarding, compliance validation, and recurring security tasks.
• Lead compliance interactions as the primary liaison for agency data calls, reviews, and audits; maintain and update all ATO documentation (SSPs, POA&Ms, IRPs, CMPs, PIAs, contingency plans); facilitate tabletop exercises and ensure lessons learned are implemented.
• Participate in SAFe Agile Program Increment (PI) Planning, architecture reviews, sprint planning, and backlog refinement to embed security throughout the SDLC providing input on security guardrails, dependencies, and risks that may impact delivery commitments. Clearly communicate security requirements to technical and non-technical audiences.
• Drive the reengineering of processes for efficiency and visibility, ensuring leaders and engineers have actionable data. Define and manage security enablers in the program backlog to ensure that architectural runway includes continuous security improvements.
• Collaborate with Release Train Engineers (RTEs) to track security risks, impediments, and dependencies across teams; work directly with Scrum Masters and Product Owners to ensure user stories include clear security acceptance criteria; ensure security features and enablers are represented in Definition of Done (DoD) across all product teams.
• Mentor product and engineering teams on secure development practices and continuous security; translate and tailor NIST 800-53 Rev 5 and CMS security controls into actionable tasks for DevSecOps teams. Educate Agile teams on secure development practices and evolving threat models, ensuring security becomes part of the team culture.
• Review and validate completed user stories and features to confirm security controls have been implemented as designed; continuously measure and report security-related metrics (e.g., backlog burn-down of vulnerabilities, compliance closure rates) during Inspect & Adapt workshops.

Benefits

• We offer highly competitive salaries and full healthcare benefits.