Tech Stack

Description

You will work as part of a team reviewing and assessing Risk Management Framework authorization body of evidence for classified information systems. You'll implement security best practices in AWS environments, maintain security posture, and support audit trail configurations. This role involves advising on security design reviews and contributing to technical artifacts for government clients.

Requirements

• 3 years of implementing NIST 800-53, Rev 4 and the Risk Management Framework
• 3 years of experience with Windows and/or Linux environments
• 1 year of experience with AWS environments
• 2 years of using information security and assurance practices and principles
• Experience contributing to cloud Authorization to Operate and/or Interim Authorization to Test efforts
• Experience with MS Active Directory, ACAS/Nessus, McAfee, AWS Security
• DoD 8570 IAT Level II certification or higher
• Experience working with Government personnel
• Active TS/SCI level clearance

Responsibilities

• Review and implement least-privilege IAM policies across services
• Ensure secure use of AWS Secrets Manager with EKS and applications
• Apply security best practices to IaC configurations
• Support audit trail and logging configurations using AWS CloudTrail and AWS Config
• Maintain overall security posture of environment to include monitoring access logs
• Review new and existing systems for technical compliance with IA directives and protection of data
• Advise on in-depth security design review and threat/risk assessments
• Provide inputs to technical artifacts including Plans of Action and Milestones, Security Control Traceability Matrices, and Risk Assessment Reports
• Conduct site visits and assessments to inspect IA plans and security control implementations
• Support Incident Response Team activities