GovCIO is a team of transformers—people who are passionate about transforming government I.T. We believe in making a difference by developing digital strategies and delivering the technology-related innovation that improves governmental operations each day.

But we can't do it alone. We welcome and nurture an inclusive and diversified work culture. Because different backgrounds, experiences, abilities, and perspectives make us better decision-makers, problem solvers, and creators. We're changing the face of I.T. - from our diverse staff to the end-products we develop. And we're excited to expand our team. Are you ready to be a transformer?

Responsibilities

Craft, contribute to, assess, and recommend scalable, flexible, and resilient cloud architectures incorporating IT security and safeguarding requirements. Identify, evaluate, and recommend opportunities to apply innovative and emerging technologies, automate processes, continually improve quality and efficiency in engineering and enterprise audits, and implementing information assurance and cybersecurity in cloud solutions, and identify metrics for monitoring improvements. Recommend, install, configure, operate, and maintain Government-approved IT security tools, RSA Archer and applications to support overall information assurance activities necessary to protect systems in client security environments. Develop, maintain and troubleshoot scripts to facilitate the integration and automation of security requirements throughout DevSecOps activities. Review and recommend improvements in audit sharing agreements, processes, and technologies between client and other federal agency systems.

• Work with the client to onboard data sources and fully configure the security information and event management (SIEM) or security event management (SEM) to meet enterprise security and governance requirements.
• Collaborate with the client in developing repeatable information assurance and cybersecurity processes and provide engineering assistance to Security Control Assessors in support of Assessment and Authorization efforts.
• Recommend, install, configure, operate, and maintain client-approved IT security tools and applications to support overall information assurance activities necessary to protect systems in the customer environments.
• Coordinate with teams across the enterprise on the migration of existing IT services to the cloud, including identifying security technical requirements and potential problems and issues, and participating in Agile software development teams.
• Participate in network and system design to facilitate the implementation of appropriate systems security policies.
• Apply coding and testing standards, security testing tools (including ‘fuzzing’ static-analysis code scanning tools), and threat modeling.
• Assist with leading technical discussions with stakeholders, help manage client expectations, and develop advanced Splunk reporting.
• Ability to review cloud environments and submit a gap analysis report regarding risks, security vulnerabilities and Continuous Monitoring.
• Collaborate with system developers to discuss and review the Enterprise Audit (EA) strategy, requirements, and audit handling requirements.
• Develop/update and maintain system-specific audit review dashboards and reporting mechanisms.
• Identify and evaluate opportunities to apply innovative and emerging technologies, automate processes, continually improve the conduct and efficiency of client audit activities and Enterprise Audit compliance of systems and infrastructure, and identify metrics for monitoring improvements.
• Strong planning and organizational skills. Detail oriented, decisive and goal oriented to consistently exceed objectives.

Required Qualifications

• Bachelor of Science degree in a computer related field with 8+ years (or commensurate experience) or a minimum of 12 years equivalent job experience working in an enterprise infrastructure security and engineering role.
• Previous experience (at least 4 years) with performing security engineering in a cloud environment, specifically supporting AWS.
• Knowledge of IaaS, PaaS and SaaS architectures.
• Experience with Nessus, Tenable Security Center, Linux based systems, Splunk and Amazon Cloud.
• Strong familiarity with NIST 800-53 and FedRAMP requirements.
• Knowledge in the availability, scalability and efficiency of AWS Cloud Platform in order to engineer reliability into all cloud network and virtualization technologies.
• Ability to review and influence new and evolving design, architecture, standards, and methods for security infrastructures, vulnerabilities and networking at scale