Cloud Security Auditor
Quantico, VA 22134, USA Req #173
Wednesday, December 4, 2024
ASRC Federal Broadleaf Division (Prime) is actively hiring a Cloud Security Auditor in support of our Defense Counterintelligence Security Agency (DCSA) program based out of Quantico VA. This is primarily a Telework position with a requirement to be onsite at least two (2) days a week at Quantico Marine Corps Base VA.
DUTIES:As a Cloud Security Auditor, you will be responsible for assessing the organization's cloud implementations and security controls to determine whether they meet DoD and industry standards. As the Cloud Security Auditor, you will assess the cloud security status by conducting posture reviews of all Agency Cloud Systems to include:
Identify and document all gaps against cloud cybersecurity requirements, ensuring thorough analysis and accuracy- Provide weekly Cloud Security Posture Review Reports detailing all identified gaps and actions taken to address them- Produce a full Cloud Security Posture Review Report at the end of the month, summarizing all gaps and the corresponding remediation efforts- Collaborate with stakeholders to ensure alignment of audit findings with organizational cybersecurity goals and requirements- Collaborating with Cloud Engineers to develop and implement effective cloud security strategies - Maintain detailed documentation and reports of all posture review activities, findings, and responses- Stay current with the latest cloud security trends, tools, and best practices to ensure the effectiveness of posture reviews- Working together with stakeholders to implement necessary security improvements- Provides security and technical expertise to support the development of security objects to satisfy business requirements BASIC QUALIFICATIONS: Candidates should have a proven background working in cloud environments with experience and knowledge in the following areas:
Security automation with tools such as Splunk and STIG scanner- Analyzing and administering security policies to control physical and virtual system access- Identifying and investigates security issues and develops security solutions that address compliance requirements that can/ do impact security- Identifying, developing, and implementing mechanisms to detect security incidents to enhance compliance and support of the security standards and procedures
Assessing business role requirements, reviews authorization roles, and supports authorizations
Demonstrating a comprehensive skill set with testing authorizations for multiple environments and coordinates testing with business/technical users
Validating system configurations to ensure the safety of information systems assets and protects information systems from intentional or inadvertent access or destruction
Implementing best practice when applying knowledge of information systems security standards/practices (e.g. Access control and system hardening, system audit and log file monitoring, security policies, and incident handling)
Design and coordinating activities/engagements with other departments
Identifying security gaps that expose the Agency to potential exploit and develop short- and long-term prioritized remediation to address those gaps
Developing and executing security controls, defenses, and countermeasures to intercept and prevent internal/external data infiltrations
Determining strategy and protocol for network behavior, analysis techniques, and tool implementation
Providing subject matter expertise in systems security policies, standards/practices, protocols, and technologies
YEARS EXPERIENCE:
At least Five (5) Years - Experience with assessing, analyzing and implementing information assurance and security engineering systems in cloud environments
EDUCATION REQUIREMENTS:
Bachelor's Degree, or equivalent experience in Cybersecurity, and/or Information Systems Management, Information Technology
CERTIFICAITON(S):
DD8140/DoD8570.01-M IAT Level II e.g., CCNA-Security, CySA+, GICSP, GSEC, Security + CE, CND, SSCP or higher-level certification
A Cloud Security Certification is required e.g., Certified Cloud Security Engineer, AWS Certified Security - Specialty, Microsoft Azure Security Engineer Associate or equivalent
Certification in cybersecurity (e.g., CISSP, CISM, CISA) is a plus.
CLEARANCE LEVEL:
Active Top Secret with the ability to obtain TS/SCI
WORK ENVIRONMENT AND PHYSICAL DEMANDS:
This is primarily a Telework position with a requirement to be onsite at least two (2) days a week. Onsite days may be higher during initial project design and implementation.
If alternate worksite is other than DCSA facilities or corporate office space, must have the reliable ability to communicate over voice (cell phone preferred) and stable, capable internet connection.
Must speak English well enough to communicate complex technical ideas to a diverse customer both verbally and in written form.
We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.
EEO Statement
ASRC Federal and its Subsidiaries are Equal Opportunity /Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
Other details
Job FamilyInformation Technology
Job Sub-FamilyCyber Security
Pay TypeSalary
Travel RequiredNo
Telecommute %60
Required EducationBachelor's Degree
Job Start DateWednesday, December 4, 2024
Quantico, VA 22134, USA
<
S:SKCIN SKINTMISC