Posted in Other 15 days ago.
Location: Baltimore, Maryland
It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
The Senior IT Consultant / Cloud Security Assessor - Cloud Security Monitoring will conduct security validations and assessments, in support of the FedRAMP and DoD Provisional Authorization (PA) processes and Cloud Services documentation packages. This position provides advanced technical expertise to senior management, department heads and/or staff. The Senior IT Consultant recommends specific solutions based on specialized capabilities to perform and integrate highly complex services in several operational, functional, or organizational areas.This position is located in Fort Meade, MD.
Candidates must be certified in one of the areas as directed by DoD 8570- CISM, CISSP, GSLC, CCISO;
Additionally possess a DOD Top Secret or Secret Clearance.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include the following. Other duties may be assigned.
Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge/quality of work, supporting financial goals of the company, initiative/motivation, cooperation/relationships, problem analysis/discretion, accomplishing goals through organization, positive oral/written communication skills, leadership abilities, commitment to Affirmative Action, reliability/dependability, flexibility and ownership/accountability of actions taken.
Conduct Cloud Security Assessments to include: validated cybersecurity controls, certifier's recommendation, and certifier's statement of residual risk, certification assessment briefing slides, and a provisional authorization. If the validation is leading to a Joint Authorization Board (JAB) Provisional Authorization (PA), a one-page executive summary shall also be prepared. Utilizing established process, procedures, templates, and forms:
Attend technical kick-off meetings and review preliminary analysis to understand and document a CSP's readiness posture.
Review and comment on CSO's SSP, SAP, SAR, and POA&M.
Review, understand, and document the operational impact that the security authorization, change, and/or vulnerabilities poses to the CSP.
Review, evaluate, and provide analysis in order to develop the Cloud Security Assessment Package in accordance with (IAW) the established guidelines.
Create a certification recommendation memorandum that detail the CSO's compliance with required DoD Cybersecurity controls, technical compliance, and include any residual risk.
Cloud Continuous Monitoring: Perform DoD and FedRAMP Cloud Authorization on-going support to include continuous monitoring, annual reviews and significant change requests of Cloud Service Providers through reviews, recommendations, written reports, and briefings. This task involves a review and analysis of the following: Deviation Requests (validations or justifications for a finding to be carried), Monthly One Pagers (description of the Cyber status of a CSO for that month), Annual Assessments (AA), (one-third of the assessment of the total CSO' baseline conducted each year), Playbooks (Weekly report on the ConMon status process of a particular set of CSO's), Significant Change Requests (SCR's) adding new requirements/capabilities to a CSO's offering, reviewing of the scan data, POA&Ms, and other changes to evaluate a CSP's ongoing risk posture change. Create monthly one pagers and playbooks.
Ensure the DoD and FedRAMP's monitoring programs provide oversight of CSP, ensuring a risk-based approach and provides data for the AO to understand risk position of cloud service provider environment.
Provide ongoing assurances (assessments and validations) that security controls are in place that adhere to DoD and FedRAMP requirements, to ensure compliance to maintain validation.
Ensure system risk safeguards and controls are in place to operate effectively, utilizing a proactive system and risk-based approach in monitoring.
Provide a more continuous view of cloud service provider applications and devices, to promote improved decision making based on assessed risks, while maintaining requirement of authorized risk levels.
Accomplish through the CSP an architectural reviews a risk-based situational awareness approach for network visibility to reduce timely mitigation steps.
Ensure the FedRAMP/DoD CSP provides timely incident reporting and escalation, major system changes approval affecting the authorization boundary.
Integrate security and risk management processes that identify actionable items, based on potential risks.
Validate and ensure CSP performs vulnerability scans of required security controls established by/for DoD and FedRAMP.
Recommend and monitor POA&M and monthly submission and review of vulnerability scans, playbooks, change request, deviation reports, and monthly one-pagers established for FedRAMP and DoD.
Conduct annual assessments for FedRAMP/DoD.
Support continuous monitoring and annual reviews of Cloud Services through reviews, recommendations, written reports, and briefings.
Document continuous monitoring standards and frameworks.
Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
Plans daily activities within the guidelines of company policy, job description and supervisor's instruction in such a way as to maximize personal output.
Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and co-workers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions as the best of own ability.
Promotes and encourages a culture of compliance with all applicable rules (federal, state, local, Federal Acquisition Regulations, Code of Federal Regulations, Prime Contract requirements, etc.) for themselves and the company as a whole. Fosters an environment in which they will reportanyviolations or reasonably suspected violation of CNI policy, FAR, and/or CFR and are comfortable discussing the myriad compliance, conflict, FAR, CFR, etc. issues that arise during the performance of a government contract.
EDUCATION / EXPERIENCE
Bachelor of Science (B.S.) or above, or equivalent combination of IT technical or cybersecurity Associates Degree and seven (7) years' experience. Experience with a Program in a Federal organization. A demonstrated proficiency in Microsoft Windows/Office and Microsoft Project.
CERTIFICATES, LICENSES, REGISTRATION
Must possess a 8570 DOD IAM-III level certification which requires one of the following certifications: CISM, CISSP, GSLC, CCISO.
Must posses a Secret or Top Secret Clearance.
May be subject to a background investigation and must be able to meet the requirements to hold a government security clearance.
JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES
Expert knowledge of proven business and operations practices and strategies
Proficient understanding of Restful APIs, JSON
Proven ability to facilitate progressive organizational change / development within a growing organization
Excellent organization and time management skills with ability to handle multiple priorities
Exceptional analytical and problem-solving skills with ability to assess business requirements
Exceptional leadership skills with ability to motivate, influence and lead others
High level of proficiency in briefing managers and communicating recommendations regarding status of project operations
Excellent verbal and written communications skills
Superior customer service and relationship management skills
Ability to effectively interact with management and staff at all levels within a multi-level organization
Ability to proactively identify problems and effectively respond
Ability to use discretion concerning highly sensitive and confidential data and information
Proficient understanding of cross-browser compatibility issues and ways to work around them
Experience with configuration management, version control, software packaging and deployment
Ability to perform system analysis, design and development
Ability to work well in a team as well as independently
Excellent oral and written communications skills
Ability to read, analyze and interpret common scientific and technical journals, financial reports, and legal documents. Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community. Ability to write speeches and articles for publication that conform to prescribed style and format. Ability to effectively present information to top management, public groups, and/or boards of directors.
Ability to work with mathematical concepts such as probability and statistical inference, and fundamentals of plane and solid geometry and trigonometry. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. Work is primarily performed in an office environment. Regularly required to sit. Regularly required use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers printers and light traffic.
Equal Employment Opportunity Statement
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.
Tremco Construction Products Group