Job Description (Cloud Security SME (ISSO))
A successful candidate will work with others on the program security team to provide for all aspects of security, including but not limited to the following:
- Provide expert-level knowledge, both in context and execution, of the Risk Management Framework to support NIST SP 800-53 HHM systems through the A&A process
- Construct thorough and complete security documentation, including, but not limited to, System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and any other artifacts to support the Body of Evidence (BOE), for the sponsor's approval
- Identify security controls and work with engineering, development and testing staff to construct proper test plans and procedures
- Implement security audit reviews verifying that the audit records are collected and reviewed
- Coordinate all security testing exercises, working with external assessment teams and technical staff
- Configure and support various AWS services to protect the security posture of the system
Desired Requirements
Skills:
- Demonstrated strong technical skills and analytic abilities, as well as experience performing system security analysis and risk management
- Demonstrated experience with security in the Amazon Web Services environment
- Demonstrated experience performing complex technical tasks in pursuit of overall goals with minimal direction
- Demonstrated experience in translating an understanding of systems and applications into security test plans and performing hands-on security testing
- Demonstrated knowledge of risk management methodologies
- Demonstrated experience analyzing test results and suggesting mitigations for security problems
- Demonstrated technical experience with system configuration, development, and design, specifically around enterprise systems and hypervisors
- Demonstrated experience with Linux and virtual platforms
- Documented working experience with public and private information security groups and organizations
- Possesses experience communicating vulnerability results and risk posture to senior executives
- Possesses a broad knowledge of Information Security policies and guidance, as well as the ability to assist in researching, evaluating, and developing relevant security policies and guidance