Provide subject matter expertise for implementing secure by design concept into development to include security design principles, data protection, threat and vulnerability management, compliance and governance, threat and vulnerability management, and performance risk assessments
Provide an advanced level of information security expertise needed to solve difficult challenges pertaining to the design and implementation of information security solutions, which may include, but is not limited, to networking, operating system, application and database security relative to both techniques and technologies
Identify, document, and automate the integration of security controls into the enterprise architecture and system development life cycle process enabling ongoing (continuous) security monitoring, automated security authorization, and transparent risk reporting
Gain organizational approval for the design and architecture of security requirements for cloud environment including the DWaaS component
Implement and maintain upon approval
Design, implement and maintain layered system security architectures encompassing software, hardware, and communications to support the requirements and provide for present and future cross-functional needs and interfaces
Provide subject matter expertise and hands-on guidance to teams for embedding secure-by-design principles throughout the product lifecycle, including threat modeling and secure coding practices
Design and implement cloud workloads, services, databases, etc. with security as a primary consideration, including network segmentation, granular access control, data protection, and encryption and zero trust principles
Integrate automated security testing in the CI/CD pipelines enabling real-time feedback and rapid remediation of vulnerabilities during development and deployment
Collaborate with the AO Information System Security Office (ISSO) to schedule periodic penetration testing and conduct vulnerability assessments
Provide monthly and ad hoc reports on identified vulnerabilities, remediation actions, and security breaches covering all access layers (database, application, infrastructure)
Include trend analysis and recommendations for continuous improvement
Maintain a risk register and track mitigation process
Propose, implement, and validate security risk mitigation activities for all non-production and production environments with documented evidence of effectiveness
Validate successful implementation of risk mitigation activities for all non-production and production environments
Develop and maintain all Cloud Security Documentation: System Security Plan, Business Continuity Analysis, Disaster Recovery Plan, other documents required for Authority to Operate (ATO)
Create and maintain a Cloud Security Roadmap, provide updates quarterly and obtain organizational approval for all security architecture and design artifacts
Implement and document technical and administrative controls to protect sensitive data from unauthorized internal access, including logging, monitoring, and access reviews
Provide operational support for identity and access management (IAM) with granular role-based access controls, integration with on-premises identity management solutions in accordance with Judiciary enterprise security standards and cloud identity solutions and enable product teams to maintain a private image catalog for team specific isolation
Support secure design and operation of multi-segment networks, multiple subnets, and virtual network routing, with regular security assessments and documentation
Provide product teams with and enforce approved standards for logging and data retention, ensuring logs are protected, searchable, and compliant with regulatory requirements
Document and maintain Standard Operating Procedures (SOPs) for cyber security
Automate repetitive security tasks (e.g., patching, compliance checks, incident response) to improve efficiency and reduce human error
Implement regular reviews and updates of security controls, policies, and procedures to address emerging threats and technological changes
Implement regular reporting on security KPIs (e.g., mean time to detect/respond, vulnerability remediation time, compliance status) to demonstrate effectiveness and inform decision-making
Establish a process for ongoing assessment and improvement of governance controls
Provide guidance and recommendations to stakeholders for containment, validation, and eradication, and support remediation and recovery of incidents (including coordination, documentation, timeline tracking, and resource identification/utilization)

Requirements

12+ years of experience in project leadership in monitoring computer networks and security issues
Bachelor's degree with 12+ years of general experience in information systems (10+ years of experience with MA/MS degree) and 8+ years of specialized experience
Preferred: Certified Information Systems Security Professional (CISSP)
Preferred: Architect certification from at least one of the cloud service providers (CSPs)
Experience in documenting security incidents and performing security vulnerability assessments
Experience working with Agile teams and SAFe to perform testing and uncovering system and network vulnerabilities
Strong working experience in AWS Cloud Security (3+ years’ experience)
Required past ATO experience in AWS environment for large agency (4+ years’ experience)
Required solid understanding of NIST Standards
Experience with the ATO process, FedRAMP, CIS, ISO 27001 (4+ years)
Solid understanding on ICAM, SIEM, Vulnerability management tools
Experience with CSAM or similar tools

Benefits

Health insurance
401(k) matching
Flexible work hours
Paid time off
Remote work options
Paid parental leave
Military leave
Bereavement leave
Jury duty leave

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

information securitycloud securitysecurity design principlesthreat modelingsecure coding practicesvulnerability assessmentsrisk mitigationautomated security testingnetwork segmentationdata protection

Soft skills

project leadershipcollaborationguidancerecommendationsdocumentationcommunicationorganizational approvaltrend analysiscontinuous improvementincident response

Certifications

Certified Information Systems Security Professional (CISSP)cloud service provider architect certification