Steampunk is searching for a Cloud Security Engineer to support a government customer.  The primary responsibilities for the position are to support all audit and assessment activities ensuring security measures are documented within the security authorization boundary and artifacts receive first time acceptance. The engineer will work as member of system development and engineering team to operate cloud systems while maintaining an acceptable level of risk. The nature of the work requires that the candidate demonstrate initiative, organization, responsibility, customer service skills, and the ability to be flexible and adaptive to a fast-paced, fluid business environment. The candidate must be able to communicate effectively and decisively with all levels of the organization and be able to solve practical problems as well as exercise sound judgement with regards to sensitive and confidential information.

As a Security Engineer, you'll play a crucial role in securing an organization's information systems and data, particularly in federal government agencies where data security and compliance are paramount. Your contributions will encompass a wide range of responsibilities and activities aimed at safeguarding sensitive information, complying with regulations, and mitigating cybersecurity risks.

• 
  
  • Review and assess the security architecture of cloud systems, applications, and technologies to identify and mitigate potential risks.
  • Lead in the design and development of tools that automate compliance activities. 
  • Recommend appropriate mitigation measures and advise on proper design trade-offs in terms of potential impacts and cost benefits.
  • Monitor the gates in the System Lifecycle Management (SLM) process and prepare the customer with outstanding issues and risks identified in the process prior to concurrence on system readiness.
  • Proactively create, monitor and update the status of POA&Ms to ensure weaknesses are resolved in accordance to their scheduled completion dates.
  • Evaluate Waivers or Risk Acceptance Memos to assist in the effective management of system risks.
  • Conduct an annual assessment in accordance with guidance in the DHS Information Security Performance Plan.
  • Review and update security authorization documents as needed, but at least annually;
  • Perform system self-assessments as part of the customer's Ongoing Authorization program;
  • Monitor and respond to Information Security Vulnerability Management (ISVM) Compliance.
  • Provide audit support for assigned systems (Financial, A-123, FISMA, internal, DHS, etc.), throughout the audit (Pre, During, and Post Audit).
  • Maintain knowledge of inventory in accreditation boundary.
  • Use DHS’ and mandated enterprise IA Compliance Tools.
  • Participate in DevOps Sec (security integrated into Agile processes) requirements for assigned systems.
  • Proactively ensure security requirements are included in development cycle (Waterfall, Agile, SecDevOPs).
  • Ensure CM processes are followed to ensure that any changes do not introduce new security risks. 

• U.S Citizen
• Bachelor’s Degree in an IT field and Seven (7) years of cybersecurity experience; Five (5) of which must be FISMA-related OR approved IT standard
• Bachelor’s Degree in a non IT field and nine (9) years of cybersecurity experience; Five (5) of which must be FISMA related OR approved IT standard
• No degree and eleven (11) years of cybersecurity experience; 7 of which must be FISMA-related OR approved IT standard
• Master’s Degree in an IT field and Five (5) years of cybersecurity experience; 3 of which must be FISMA-related
• Must possess a information technology certification related to subject matter expertise
• Proven experience as an Information Security Engineer, preferably in a federal or government environment.
• Demonstrated knowledge of a variety of the security field’s concepts, practices, and procedures to ensure the secure integration and operation of all systems
• Extensive specialized knowledge of cloud engineering or application and design 
• Specialized knowledge and experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines Knowledge and experience with the vulnerability scanning execution, assessment, and analysis
• Knowledge and experience with application security, database security, and network security
• Knowledge and experience with the vulnerability scanning, assessment, and analysis
• Knowledge and experience configuring and using Splunk within enterprise enviorment  
• Knowledge and experience with the information security and assurance principles (e.g., Defense-in-depth) and associated supporting technologies
• Ability to assess and weigh current and evolving security threats in an operational environment

Preferred Skills

• In-depth knowledge of federal cybersecurity regulations and standards.
• Strong understanding of security infrastructure, risk management, and compliance.
• Proficiency in security tools, technologies, and best practices.
• Excellent communication and interpersonal skills
• U.S. citizenship and the ability to obtain and maintain a security clearance are required.
• Current experience providing security support to DHS
• Experience supporting systems hosted in Cloud environments.
• Experience supporting systems and applications in Agile and DevOps environments.

Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors.  Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges.  As an employee owned company, we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com.