IMAGE: Return to Main IMAGE: RSS Feed IMAGE: Show All Jobs

Position Details: Senior Systems Security Officer

Location: Remote, Remote
Openings: 1
Salary Range: $135/K - $150/K


Job Title: Senior Systems Security Officer

Location: US-Remote

A. Hardware
1. AWS Infrastructure
2. Modern Cloud Technologies
B. Software
1. DataBricks/Spark/ElasticMapReduce (some working knowledge of scalable, parallel processing)
2. Languages/Libraries

ISSOs should have a working knowledge of how programming works in general, high level understanding of different types of languages and how they are interpreted/executed. Examples include:

- Python
- Linux
- Java
- Relational databases, such as MySQL, Oracle, etc
3. AWS Security Tools/Classes
a) Understanding of Containerization (Docker, Lambda, Kubernetes)
b) Understanding of AWS and CMS security tools (Prowler, SecureHub, Nessus, TrendMicro, etc.)

4. Modern Cloud Auditing and Logging Services, such as
c) CloudWatch
d) CloudTrail

II. Experience
A. CISSP Knowledge, especially:
1. Dept. of Homeland Security - Security Directives
2. HHS/CMS Security Policies, Procedures and Directives, such as
1. CMS Acceptable Risk Safeguards (ARS) 3.1
2. CMS Risk Management Handbook
3. CMS ATO/ACT Process
4. RVA & HVA Requirements
5. CMS TRA Architecture Standards
6. CMS Target Life Cycle Management
7. CMS Agile Life Cycle Management
F. Security Controls, such as:
a) NICE Framework
b) NIST 800-53 rev 4/5
c) FedRamp
d) NIST Standards White Papers

III. Capabilities
A. Artifact Preparation (ACT Tier 1, Tier II)
B. Creation of Security Training Materials – primarily for engineers. Need to be able to translate NIST security concepts into understandable requirements for engineering team.
C. Conduct Security-related Training
D. Event Management
1. Table Top Exercise
2. Incident Response
3. Contingence Management
E. Able to become fluent in CFACTS (should at least take the next CMS class on this, experience with RSA/Archer also applicable)
F. Excellent Communications Skills
1. Effective Technical Writer
2. Good Writing Skills
G. Able to work collaboratively with a development team to articulate questions based on NIST guidance and security controls, as they develop new features and code. Also able to review technical tickets/stories, understand the high level technical concepts and changes referenced, and identify areas with security impact.
K. Be self-directed, proactive on following up on any security concerns, integrated with development team,

Perform an action:

IMAGE: Apply to Position

Powered by: CATS - Applicant Tracking System