Cloud Security Engineer

Location: Washington, DC
# of openings: 1

Description

Bart & Associates (B&A) is currently seeking a Cloud Security Engineer to join our team on a Federal Project in Washington, DC!

The Cloud Security Engineer (CSE) supports the security activities associated with evaluating, implementing, managing security practices and continued operations of new and existing technologies across all client cloud environments.  The CSE understands how security in the cloud is like that of on-prem data centers and the key differences that require different controls and different approaches.  The CSE possesses demonstrable experience working in at least one of the following cloud environments: Amazon Web Services (AWS), Azure, or Google and is well-versed in the architecture and design of the respective cloud including associated services, how the cloud interconnects with agencies, and, specifically, how to conduct business within the cloud environment in a secure manner

 

The Cloud Security Engineer shall be responsible for the following:

  • Understand architectural development for cloud automated frameworks for Security Tool deployment and development, leveraging various scripting languages and open source solutions
  • Understand the architectural design and implement security measures related to computer networks, software testing, validation procedures, programming, and documentation as it pertains to Cloud Security, Application Security, Vulnerability Management, and Network Security
  • Understand cloud security plans that implement systems and procedures to effectively secure company information, infrastructure, intellectual property, and users against accidental or unauthorized modification, destruction or disclosure
  • Apply agile practices to analyze internal security and provide relevant information to internal and external customers, suppliers, and partners
  • Work with assigned system stakeholders to understand their cloud infrastructure to adequately support the mission
  • Understand and interpret cloud services that are offered on a platform, to include 3rd party services
  • Ability to determine the cost associated with cloud services and address anomalies accordingly
  • Assist with the implementation of monitoring capabilities for various audiences - developers, business owners, security, and infrastructure; analyze all platform level, network changes and monitor impact and provide appropriate technical solutions to resolve issues efficiently; evaluate and document operating baseline according to required standards
  • Provide oversight of application packaging to ensure automation is being utilized for both the application and infrastructure builds throughout the development, test, and production environments. This includes the automation of server builds for VMs and maintenance of these builds utilizing chef scripting as deemed appropriate
  • Utilize in-depth knowledge of infrastructure components (VM's, Security Products, Network ports and protocols, Databases, Middleware and open source code) to support DevOps in an enterprise environment to build, maintain and sustain an enterprise information technology DevOps operational model
  • Provide technical support for enterprise infrastructure components (network, database, middleware, security and open source code) technology transitions and migrations to cloud services e.g. Platform as a Service (PaaS), Infrastructure as a Service (IaaS), etc.
  • Evaluate and implement automation of server and application builds and monitoring for multiple environments (Development, Test, Training, Production, and Disaster Recovery) Ability to perform computer incident response and remediation practices as outlined in NIST 800-61 (Computer Security Incident Handling Guide) and DHS 4300A Sensitive Systems Policy Handbook, Attachment F Incident Response. The contractor's staff will assist the Security Operation Center (SOC) on incident response actions for security incidents affecting the Cloud environment on an as needed basis

Requirements:

  • Have and maintain at least one active certification such as CISSP, CCISSP, CEH, CISM, CISA, Cloud+, AWS, CCSP
  • Minimum of five (5) years of experience managing IT projects and programs or specialized experience as an Information Systems Security Professional
  • Minimum of five (5) years of experience with analyzing, assessing and implementing corrective actions based on vulnerability management tools
  • Minimum of five (5) years of experience with leading projects, technical writing, administrative tasks, and conducting briefings
  • Minimum of five (5) years of experience in security engineering or security operations
  • Experience in security process mapping, security process analysis, security process improvement concepts, models, and best practices
  • Excellent customer service, analytical, problem solving, team-building, and interpersonal skills
  • Ability to work independently and function as an integral part of the team
  • Excellent oral and written communication skills; technical and business focused, with the ability to document and describe security process information collected
  • Listening skills, the ability to detect explicit and implicit needs and wants
  • Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
  • Proven experience in building consensus and managing cross-functional teams
  • Demonstrated proficiency in a vast array of Cyber Security platforms: Standard Application Online (SAO), Security Information and Event Management (SIEM), Intrusion Detection System (IDS)/Intrusion Protection System (IPS), Data Loss Prevention (DLP), Web Application Firewalls (WAF), Threat Intel, Endpoint Security
  • Experience with cloud Platform as a Service (PaaS), Software as a Service (SaaS) and other cloud services
  • Experience with Continuous Integration (CI)/Continuous Delivery (CD) - Deployment pipeline experience (Jenkins, Ansible, Terraform)
  • Experience or a strong knowledge of Data at Rest Application Programing Interface (API) design
  • Experience or a strong knowledge of programming languages (Python, Java etc.)
  • Experience or a strong knowledge of container/orchestration tools (Kubernetes, Docker, Puppet, etc.)
  • Log aggregation platform experience
  • Have a deep understanding of API Security, Container Security, Cloud Security
  • Advanced Microsoft Excel and Access skills to perform extensive data mining, correlation, and reporting
  • Experience working with NIST SP 800-53, RMF, FISMA, DHS and DoD policies
  • Listening skills, the ability to detect explicit and implicit needs and wants
  • Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
  • Ability to work independently and function as an integral part of the team
  • Strong analytical and problem-solving skills
  • Demonstrated interviewing and negotiation skills applicable to identifying, defining, and evaluating requirements

 

**Must be a US Citizen with a DoD Secret clearance**

 

Bart & Associates (B&A) has been a systems integrator of information technology solutions for 30 years. Our mission is to use our depth and breadth of technical knowledge and expertise to ensure our clients have optimum IT solutions to meet their goals. We are a company whose accomplishments exemplify the skills, dedication, and commitment of our most valuable asset: our people. B&A provides strategic, enterprise, application, and technical infrastructure solutions, including customized and Commercial-Off-The-Shelf applications. Our service lines include: Human Capital Management, Operations & Enablement, Integration & Analytics, Modernization & Transformation, Agile Delivery, and Certified Hosting. We have a strong focus on innovation with an in-house Research and Development team and we offer full time employees a 100% premium paid medical plan option, which includes coverage for medical, prescription, dental, vision, life insurance, AD&D, disability, teledoc, and accident insurance.  Headquartered in McLean, VA, B&A was named one of Virginia’s Best Places to Work in 2018.

 

 

EEO

B&A provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. B&A complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy covers conduct occurring at B&A’s offices, and other workplaces (including client sites) and all other locations where B&A is providing services, and to all work-related activities.

As a Federal Contractor, B&A is required to participate in the E-Verify Program to confirm eligibility to work in the United States. For information regarding your legal rights and protections, please click on the following links:

E-Verify
EEO is the Law
EEO is the Law - Amendment
Pay Transparency

 

Affirmative Action Plan

As a federal government contractor and based on Executive Orders and applicable laws and regulations, B&A develops and maintains annual written Affirmative Action Plans and endeavors to hire and advance qualified minorities, females, individuals with disabilities, and protected veterans.




Previous Applicants:

If you do not remember your password click here.

Back to Search Results

New Search


Powered By Taleo