Posted

ConnectStaff has an immediate requirement in the National Capital Region for a Cloud Security Engineer to support the Conference of State Bank Supervisors and (subsequently) the Consumer Financial Protection Bureau.

The Cloud Security Engineer is responsible for supporting the enterprise-wide security program, including operational security, security of cloud development through production environments (AWS), incident response, remediation and recovery.

Clearance: Must be eligible for a public trust clearance.

Responsibilities:

  • Creation and management of security groups and boundaries, problem resolution, vulnerability remediation, monitoring, and security threat management
  • Support the development and implementation of standard operating procedures to ensure consistent security processes and controls and effective incident response capabilities
  • Perform security reviews to determine if security measures and procedures are still in line with accepted risk profile from the business side, and to verify if those measures and procedures are regularly maintained and tested
  • Ensure that all systems and networks comply with applicable computer and network security requirements
  • Monitor system status, perform intrusion monitoring, and oversee the investigation of information technology security incidents, monitoring and reporting mitigation progress
  • Work with the IT management to implement and enforce IT security policies and procedures
  • Work with developers, IT management and other business stakeholders to gain an understanding of business security requirements for critical systems and sensitive data
  • Assist in the development of security tests as part of our software development life cycle
  • Communicate security vulnerabilities and ensure that the appropriate corrective action is taken
  • Assist in the development of security tests as part of our software development life cycle
  • Evaluate and recommend new security technologies, processes and methodologies
  • Monitor and oversee patch-management processes
  • Support internal and external audits of security controls (e.g., segregation of duties and privileged access controls)
  • Develops and implements security technologies, standards, processes, policies, and guidelines for the enterprise including Identity and Access management 

Knowledge and Skills:

  • Proven analytical, investigative and problem-solving skills
  • CISSP or CISM is a plus
  • Must have deep understanding of information security concepts, controls, tools and leading security practices, especially as they relate to US Government
  • Must have an understanding and direct experience supporting one or more leading information security standards and frameworks (e.g., FISMA, RMF, NIST, ISO 27000 series)
  • Must be knowledgeable in networking, databases, application security, web operations (internet security), secure remote access capabilities, and securing the AWS cloud
  • Effective time management skills, including the ability to plan, organize, prioritize, and balance multiple tasks and/or projects to ensure target dates and goals are achieved
  • Work experience in an Agile environment with software developers

Education and Work Experience:

  • BS or BA degree in computer science or related technical field or 5 years’ equivalent experience is required.
  • 7-10 years’ experience, with at least 7 years’ experience in security roles

Desired Certifications (one or more preferred but not required):

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified Ethical Hacker (CEH)
  • Networking or Server Platform Certifications (Cisco, Microsoft, Linux)

Apply for this Position

  • Accepted file types: doc, docx, pdf.
  • This field is for validation purposes and should be left unchanged.