Sev1tech, Inc.
Senior Cybersecurity Subject Matter Expert
US-CO-Westminster
Job ID: 2024-8035
Type: Full Time W/Benefits Ret Match
# of Openings: 1
Westminster, CO
Overview
Sev1Tech is looking for a Senior Cybersecurity Subject Matter Expert to assist our clients with Risk Management Framework (RMF), ATO, and Cybersecurity Maturity Model Certification (CMMC) compliance and implementation. The Senior Cybersecurity SME is responsible for the interaction with clients and contracts across the company to determine current and future cybersecurity solution needs based on customer requirements, industry knowledge, and best practices. The Senior Cybersecurity SME should keep up-to-date with new technologies, processes, platforms and tools to determine how they are best utilized for customer challenges. The Senior Cybersecurity SME role should be able to interact with and be the liaison between both technical security experts and executive leadership to ensure cyber solutions meet customer needs without exceeding technical capabilities.
- Taking a consultative approach, assist clients in defining and implementing cybersecurity policies and procedures
- Planning researching and designing compliant cyber solutions based on DoD and Federal organization requirements
- Detailed knowledge of cybersecurity tools and their interactions with other security tools and Enterprise IT systems
- Integration of security testing tools and processes into CI/CD pipeline
- Detailed knowledge of Cloud Architectures and security best practices
- Experience implementing cyber security tools within Cloud, On-Prem, and Hybrid environments to include (Firewalls, Endpoint, Scanners, SIEM, IDS, etc.)
- Excellent understanding of Compliance standards to include; NIST SP800 Series, ISO 27000 Series, and CIS best practices
- Support customer Zero Trust initiatives as part of strategic planning
- Excellent technical writing skills coupled with Executive facing presentation development skills
- Work closely with client System Administrators with the identification of vulnerabilities on all customer server assets, including Windows, Unix, and Network devices
- Assist admins with hardening of systems to comply with DISA Security Technical Implementation Guides (STIGs)
- Ensure DISA STIG compliance, interpretation, and analysis of results as well as remediation
- Assist in the Authority to Operate (ATO) support evaluating NIST controls in both a FISMA Moderate and High Environment
- Develop and participate in Contingency Planning (CP) and Incident Response (IR) testing and planning
- Perform system maintenance on security-related tools; evaluate, test, and integrate upgrades
- Scan, patch, remediate, provide mitigation strategies, and document security vulnerabilities in operating systems and applications
- Assist in defining and writing security policies to support FedRAMP, FISMA, Federal Compliance, NIST Compliance, HIPAA Compliance, ISO Standards, and SOX Compliance
- Assist and lead security audits
- Generate bi-weekly vulnerability reports to send out to customers
- Assist in the operation and maintenance of an enterprise level Security Information and Event Management (SIEM)
- Follow security policies and create/maintain existing information system security documentation
- Assist in the development, design, and coding of new systems or components, and troubleshoot & debug problems occurring within existing platforms and resolve issues using enterprise level tools
- Assist with the evaluation of threats and impact as identified by the government and/or security tools
- Other duties as assigned
Salary - Up to $200,000.00 DOE
Responsibilities
- Bachelor’s Degree in Cybersecurity, Computer Science, Systems Engineering, Information Technology or related degree with 10+ years of relevant work experience in IT and Cybersecurity
- At least 5 years of experience in a cybersecurity management role
- Experience working with Federal Government contracts
- Prior Security Consulting experience required
- Experience leading Cybersecurity/Information Security audits
- Must have a thorough understanding of cyber threats, information security, and monitoring & detection using the latest monitoring tools.
- Minimum of 8 years’ experience working with security technologies including exposure to AWS/Azure cloud environments
- Cloud Security Experience - Amazon, cloud security tools
- Experience with authoring and maintaining security authorization documentation specific to FISMA and FedRAMP related controls at up to the “High” impact level
- Background with Risk Management Framework (RMF), ICD 503, NIST SP800-53 and 53a or DCID 6/3; knowledge of current authorization practices; Background with DITSCAP/DIACAP may be substituted in some cases.
- Strong experience with Microsoft 365 platform, including Outlook, SharePoint, Power BI, Excel, PowerPoint, Microsoft Teams, etc.
- Prior experience with application migration into cloud environments supporting security compliance
- Experience with enterprise level security tools (SIEM and vulnerability scanning), specifically LogRhythm, Splunk and Tenable
- Possess excellent oral and written communication skills and proven interpersonal skills
- Demonstrates ability to multi-task, internally driven to meet organizational goals with often quick deadlines.
- Customer Service skills preferred as personable emails and phone calls are essential to the position.
- Must be a self-starter passionate about expanding their IT and Cybersecurity Compliance capabilities
- Multi-task in a team-oriented environment with the ability to manage concurrent objectives, take initiative and maintain client confidentiality with the ability to work independently
Clearance Level: ability to provide proof of U.S. Citizenship; eligible to obtain a Top-Secret Security Clearance
Qualifications
- Vendor and Security certifications
- Strong verbal and written communications skills, including creation of SOPs, maintenance plans, network drawings.
- Strong analytical abilities
- Must possess a strong client focus
- Experience with AWS networking and security architectures
Certifications: CISSP, CISA, CISM, CASP+
PI239050492
|
