SME - Cloud Security

Title: SME – Cloud Security

Location: On-site Bethesda, MD

· Job Type: Full-time (40 hours per week) with benefits.

· Availability: immediate.

· Security Clearance: TS/SCI with FS Polygraph.

· Years of Experience:

o   2 Years with a PhD

o   4 Years with a master’s degree

o   6 years with a BS degree.

o   9 Years with AA degree

o   10 Years with HS diploma

Job Description (Cloud Security SME (ISSO))

A successful candidate will work with others on program security team to provide for all aspects of security to include but not limited to the following:

*   Provide expert-level knowledge, both in context and execution, with the Risk Management Framework to support a NIST SP 800-53 HHM systems through the A&A process.

*  Construct thorough and complete security documentation, including, but not limited to, System Security Plans (SSPs), Plan of Actions and Milestones (POA&Ms), and any other artifacts to support the Body of Evidence (BOE), for the sponsor's approval.

*  Identify security controls and work with engineering, development and testing staff to construct proper test plans and procedures.

*  Implement security audit reviews verifying that the audit records are collected and reviewed.

*  Coordinate all security testing exercises, working with external assessment teams and technical staff.

*  Configure and support various AWS services to protect the security posture of the system Desired Skills:

*   Demonstrated strong technical skills and analytic abilities, as well as experience performing system security analysis and risk management.

*  Demonstrated experience with security in the Amazon Web Services environment.

*  Demonstrated experience performing complex technical tasks in pursuit of overall goals with minimal direction.

*   Demonstrated experience in translating an understanding of systems and applications into security test plans and perform hands on security testing.

*  Demonstrated knowledge of risk management methodologies.

*  Demonstrated experience to analyze test results and suggest mitigations for security problems.

*   Demonstrated technical experiences with system configuration, development, and design, specifically around enterprise systems and hypervisors.

*  Demonstrated experience with Linux and virtual platforms.

*   Documented working experience with public and private information security groups and organizations.

* Possesses experience communicating vulnerability results and risk posture to senior executives.

Possess a broad knowledge of Information Security policies and guidance, as well as the ability to assist in researching, evaluating, and developing relevant security policies and guidance.