Title: Senior FedRAMP Security Engineer
Location: Open, United States (Remote)
Travel: Up to 25%
We are seeking a dynamic professional with 8+ years of hands-on cybersecurity experience in performing and/or participating in DoD and/or NIST-based system security assessments, privacy assessments, continuous monitoring, and/or other Assessment and Authorization (A&A) activities; specifically with strong experience and background in Cloud Computing and FedRAMP.
Duties and Responsibilities:
- Lead the development, assessment, and analysis of cybersecurity documentation for client information systems in accordance with FISMA, NIST RMF for Federal Civilian Agencies, RMF for DoD IT, FedRAMP, and departmental standards.
- Lead the performance of system/network vulnerability scanning and analysis using both automated tools and manual techniques.
- Lead technical assessments using standard industry tools such as Nessus, DB Protect, WebInspect, ACAS (for DoD), and others.
- Lead the identification and application of vulnerability remediations, fix procedures, and, when necessary, mitigation techniques.
- Lead the identification and mitigation of cybersecurity risks through formal assessment activities.
- Lead compliance-related discussions (this includes expert understanding of applicable compliance frameworks, architectures, and security control requirements, both technical and non-technical).
- Support and lead the business development process through participation as the FedRAMP SME.
- Support the School of Cybersecurity (SCS) by providing instruction to clients for FedRAMP and Cloud Security Courses.
- Lead customers to resolve cybersecurity issues and concerns as well as to explain how compliance with various standards and frameworks is achieved.
- Lead the day-to-day activities required to deliver a project on time and within budget.
- Lead regular project meetings; deliver succinct and accurate status updates.
- Manage client delivery teams to include mid-level and junior security assessors, as necessary.
Skills and Qualifications:
- 8+ years of experience in performing and/or participating in FISMA-based security Assessment and Authorization (A&A) activities.
- SME knowledge of Cloud Computing and FedRAMP.
- SME knowledge of FISMA, NIST/DoD RMF, and NIST SP 800-series publications.
- SME knowledge of testing tools such as Nessus/ACAS, SCC, DISA STIGs / STIG Viewer, Wireshark, Flying Squirrel, etc.
- Experienced with Software Development Lifecycle (SDLC) and related terminology as it relates to Information Security/Information Assurance.
- Self-motivated and able to work/lead in an independent manner or as part of a client delivery team.
- Able to own and author original content/reports/attestations.
- Exceptional organizational, planning, and attention to detail skills.
- Able to work in a fast-paced, deadline-driven, remote environment.
- Able to travel at least 25% as required for various client engagements.
- Must be a US Citizen and able to obtain an active SECRET Security Clearance.
- Strong technical background.
- Coding/Programming experience with one or more of the following tools: Python, Perl, Shell, Bash, Batch, etc.
- Experience and technical knowledge in security engineering, secure architecture development, system and network security, authentication and security protocols, applied cryptography, and application security.
- Bachelor’s degree in an IT-related field or equivalent technical certifications.
- The following certifications (more than one is preferred): Lunarline, Inc. School of Cybersecurity “Certified Expert” certifications, Security+, CISSP, CEH, SFCP, GCIA, ISSEP, ISSMP, GCIH, GCFA, CSLC, CISM, CCNA, CCNP, Network+, CAP, SANS security certifications, etc.