ECS is seeking a Security Architect to work in our Washington, DC office.
ECS is looking for a security architect to support a non-profit customer in the Washington, DC area to develop a secure cloud-based system. We are seeking a qualified candidate to provide cloud security architecture expertise for all phases of the system development lifecycle (SDLC), and to provide guidance in the implementation of system-specific security controls and security overlays necessary to ensure the resilience of the system's security posture and the effectiveness of implementation in compliance with organizationally defined security requirements. Successful candidates should understand the challenges inherent in a regulatory system for the financial services industry and have the experience necessary to provide the customer a holistic solution which meets the customer's objectives.
Candidates should have a strong working knowledge of standards-based integration architectures in Cloud environments, using standard tools such as Enterprise Service Bus (ESB), as well as:
- Supporting architectural reviews and governance processes to ensure alignment with organizationally defined Enterprise Architecture strategies and standards
- Possessing a strong working knowledge and application of the NIST Cybersecurity Framework (CSF) and cloud security
- Developing cogent, compliant system security plans and security policies and procedures
- Implementing and designing security countermeasures to ensure systems are capable of responding in the event of a security breach
- Coordinating security rules and internal access authorization with operations leadership and management
- Ensuring systems implement tight access controls by enforcing principles of least privilege and separation of duties
- Experience working with the AWS/Cloud Architect and the customer's security team to ensure they understand the existing architecture, accreditation boundary, interconnections, and common controls, and to develop solutions to improve overall network architectural design and system security posture
- Documenting existing security guidelines
- Experience implementing, maintaining, and operating security monitoring tools and infrastructure; and designing, implementing, and maintaining security infrastructure, including management of commercial security products
- Defining data protection and governance standards
Experience and KSAs with the following regulations, standards, and best practices:
- Federal Risk and Authorization Management Program (FedRAMP)
- System and Organization Controls (SOC) 2
- Federal Information Security Management Act (FISMA)
- Federal Information Processing Standard (FIPS) 140-2, 199, and 200
- Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS)
- National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
- NIST Cyber Security Framework (CSF)
- 800-171 Protecting CUI in Non-Federal Systems and Organizations
- NIST SP 800-18 Guide for Developing System Security Plans
- NIST SP 800-70 National Checklist Program for IT Products
- NIST SP 800-161 Supply Chain Risk Management
- Office of Management and Budget (OMB) relevant directives
- Homeland Security Presidential Directive 12 (HSPD-12)
- Gramm-Leach-Bliley Act (GLBA)
- FBI Criminal Justice Information Services (CJIS) Security Policy ver. 5.8 or later
- Must be a US Citizen
- BS Degree
- Must be able to obtain a Public Trust Clearance
- 10 or more years providing ongoing monitoring to identify threats and monitoring the network for any security breaches; configuring scanning tools, performing regular vulnerability scanning, and overseeing remediation activities; performing maintenance of security documentation; ensuring compliance with all applicable standards and supporting the ATO security process; providing incident response support and remediation; creating incident tickets to cover all activity needed to address an incident and maintaining an internal chronology of steps taken to remediate the incident.
- Responsible for monitoring security events to identify threats and discovery responses.
- Reviewing results of system scans to identify remediation actions.
- In the event a threat is identified, taking action to stop or mitigate the threat and develop a plan for remediation to prevent this from occurring in the future.
- Must be proficient with desktop programs such as Adobe Acrobat, MS Excel, MS Word, MS Visio
- Must possess a high attention to detail
- Strong oral and written communication skills
- Strong interpersonal communication skills
- Developing and maintaining Authorization To Operate (ATO) documentation, to include but not limited to, Plan of Action and Milestones (POA&M), FISMA-mandated documents, such as system Incident Response Plans, Contingency Plans, and System Security Plans (SSPs), as well as all system-related documentation such as Account Management policies, hardware/software lists, network diagrams, etc.
- Experience supporting client system development lifecycle, change management, and assessment and accreditation; assessing and remediating federal and commercial client on-prem and cloud-based applications using a variety of vulnerability and penetration tools, to include the OWASP Top 10 list
- Experience managing multiple federal engagements, performing cyber risk assessments and developing response strategies based on the client's current system security posture, and developing a new target state based on NIST 800-53, ISO 27001, and NIST Cybersecurity Framework (CSF) standards, ensuring client business continuity and limiting the impact of a potential security breach
- Experience initiating, tracking, and managing the creation, opening, and closure of weaknesses via prescribed Plan of Action & Milestone (POA&M) processes and procedures
- Effectively communicating the risk and security posture to the Information Systems Security Manager, Information Systems Security Officer, System Owner, Key Stakeholders, and consumers of security controls within your purview
- Performing necessary review, analysis, and reporting of key system attributes, weaknesses, and changes to the Information Systems Security Manager, Information Systems Security Officer, System Owner, and Department Risk Management body to support the Continuous Monitoring of supported systems
- Providing IT security consultation to system owners on security incident reports, equipment/software inventories, technical vulnerability reports, and contingency plans
- Reporting IT security incidents in accordance with established policies and procedures
- Experience with security / validation testing tools to include vulnerability scanners, static and dynamic code analysis, DISA Security Technical Implementation Guides (STIG), Security Readiness Reviews (SRR), Security Content Automation Protocol (SCAP), and other checklists and benchmarks
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
This job has expired.