ASRC Federal Broadleaf Division (Prime) is actively hiring a Cloud Security Auditor in support of our Defense Counterintelligence Security Agency (DCSA) program based out of Quantico VA.
This is primarily a Telework position with a requirement to be onsite at least two (2) days a week at Quantico Marine Corps Base VA.
DUTIES:
As a Cloud Security Auditor, you will be responsible for assessing the organization's cloud implementations and security controls to determine whether they meet DoD and industry standards. As the Cloud Security Auditor, you will assess the cloud security status by conducting posture reviews of all Agency Cloud Systems to include:
- Identify and document all gaps against cloud cybersecurity requirements, ensuring thorough analysis and accuracy
- Provide weekly Cloud Security Posture Review Reports detailing all identified gaps and actions taken to address them
- Produce a full Cloud Security Posture Review Report at the end of the month, summarizing all gaps and the corresponding remediation efforts
- Collaborate with stakeholders to ensure alignment of audit findings with organizational cybersecurity goals and requirements
- Collaborating with Cloud Engineers to develop and implement effective cloud security strategies
- Maintain detailed documentation and reports of all posture review activities, findings, and responses
- Stay current with the latest cloud security trends, tools, and best practices to ensure the effectiveness of posture reviews
- Working together with stakeholders to implement necessary security improvements
- Provides security and technical expertise to support the development of security objects to satisfy business requirements
BASIC QUALIFICATIONS:
Candidates should have a proven background working in cloud environments with experience and knowledge in the following areas:
- Security automation with tools such as Splunk and STIG scanner
- Analyzing and administering security policies to control physical and virtual system access
- Identifying and investigates security issues and develops security solutions that address compliance requirements that can/ do impact security
- Identifying, developing, and implementing mechanisms to detect security incidents to enhance compliance and support of the security standards and procedures
- Assessing business role requirements, reviews authorization roles, and supports authorizations
- Demonstrating a comprehensive skill set with testing authorizations for multiple environments and coordinates testing with business/technical users
- Validating system configurations to ensure the safety of information systems assets and protects information systems from intentional or inadvertent access or destruction
- Implementing best practice when applying knowledge of information systems security standards/practices (e.g. Access control and system hardening, system audit and log file monitoring, security policies, and incident handling)
- Design and coordinating activities/engagements with other departments
- Identifying security gaps that expose the Agency to potential exploit and develop short- and long-term prioritized remediation to address those gaps
- Developing and executing security controls, defenses, and countermeasures to intercept and prevent internal/external data infiltrations
- Determining strategy and protocol for network behavior, analysis techniques, and tool implementation
- Providing subject matter expertise in systems security policies, standards/practices, protocols, and technologies.
- Creating dashboards, configures alerts, implements and supports security software platforms, and monitors tools/apps
- Identifying opportunities for streamlining and increasing effectiveness through continuous process improvement
- Implementing practices, processes, and procedures consistent with the Agency's information security policy and IT standards
- Developing and documents security events and incident handling procedures into Playbooks
- Collaborates with business partners, project teams, and team members to build secure solutions that protects data and enables the business with tools and processes that make sense and adapt to changing business needs both on-premises and in the cloud.
- Works with cloud engineers to identify security solutions that support their business requirements
- Partners with other Information Security groups to conduct security risk assessments on new solutions and systems, periodic security risk assessments on existing systems; and identifies and/or recommends appropriate security mitigations and best practices
#Broadleaf
YEARS EXPERIENCE:
At least Five (5) Years – Experience with assessing, analyzing and implementing information assurance and security engineering systems in cloud environments
EDUCATION REQUIREMENTS:
Bachelor's Degree, or equivalent experience in Cybersecurity, and/or Information Systems Management, Information Technology
CERTIFICAITON(S):
DD8140/DoD8570.01-M IAT Level II e.g., CCNA-Security, CySA+, GICSP, GSEC, Security + CE, CND, SSCP or higher-level certification
A Cloud Security Certification is required e.g., Certified Cloud Security Engineer, AWS Certified Security – Specialty, Microsoft Azure Security Engineer Associate or equivalent
Certification in cybersecurity (e.g., CISSP, CISM, CISA) is a plus.
CLEARANCE LEVEL:
Active Top Secret with the ability to obtain TS/SCI
WORK ENVIRONMENT AND PHYSICAL DEMANDS:
This is primarily a Telework position with a requirement to be onsite at least two (2) days a week. Onsite days may be higher during initial project design and implementation.
If alternate worksite is other than DCSA facilities or corporate office space, must have the reliable ability to communicate over voice (cell phone preferred) and stable, capable internet connection.
Must speak English well enough to communicate complex technical ideas to a diverse customer both verbally and in written form.
ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.