Cloud Security Specialist - Silver Spring, United States - Executive Recruiting

Description

We are seeking a remote Cloud Security Specialist to join our team supporting the Security Architecture and Vulnerability Management Support Services contract for the National Oceanic and Atmospheric Administration's (NOAA) National Environmental Satellite, Data, and Information Service (NESDIS) information systems. The candidate will support growing Cloud Services practice and must be an expert in cloud engineering, security, performance, deployment, and troubleshooting. The successful candidate will help drive efforts to Support NOAA's Cloud NESDIS initiatives. These strategic cloud initiatives intend to increase the bureau's IT efficiency, improve IT delivery, and reduce costs.

Supervisory Responsibilities:

• Supervisory Role

Duties/Responsibilities:

In this role, the Cloud Security Specialist will function as a Cloud Security subject matter expert (SME) helping to solve complex technology and business issues from strategy through execution. The candidate must have extensive experience architecting and provisioning enterprise-level Cloud services, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). He/she will support the design and implementation of best of breed cloud services across several major cloud service providers, including AWS, Google Cloud Platform (GCP), Microsoft Azure (Azure). This is a technical customer-facing role that will be accountable for the end-to-end customer experience.

The Cloud Security Architect must have subject matter expertise in Security Architecture and Vulnerability Management and Network Defense. He/she will be responsible for designing and recommending solutions across all cyber areas and will create solutions that will protect proprietary and confidential data and systems. He/she will assist in the management of tasks associated with network permissions, system permissions, and application permissions. He/she will play a critical role in leading the contract team, interfacing with the TM and COR to ensure that requirements are gathered, and deliverables are met; and ensuring that concerns are addressed in a timely fashion.

This includes but is not limited to:

• Experience with ASW Guard Duty and AWS Control Tower.
• Perform all in and out processing of Cyber Security Branch (CSB) deliverables and maintaining/updating the CSB developed policy and procedures documents.
• Provide advisory services during development, sustainment, O&M and implementation of new/ updated NESDIS IT systems; and for any downward directed or NESDIS sponsored enterprise IT security initiatives.
• Vulnerability Management and Network Defense (VM/ND) - support to maintain effective, integrated, and responsive VM/ND capabilities in NESDIS.
• Assist with the development and maintenance of NESDIS policy, procedures and standard operating procedures. Provide a high-level road map and best practice recommendations, to clients with a Business Productivity Infrastructure Optimization (BPIO) maturity model roadmap to deploy cloud base solutions.
• Evaluate and recommend best-fit, commercially available, and FEDRAMP-compliant cloud services utilizing various cloud models (i.e., public, private, hybrid) to support NOAA's mission and specific business, technical, and security requirements.
• Support cloud optimization activities; performance and cost
• Develops architecture solutions and evaluates alternatives for private, public and hybrid cloud models, including IaaS, PaaS, and other cloud services.
• Researches and recommends cloud architecture that will enhance internal and external platforms, tools, and systems.
• Develop architectural strategies/solutions to ensure application high availability in both hybrid (on-premise / cloud) and fully cloud hosted applications to provide an 'always on' experience
• Acts as a subject matter expert for cloud end-to-end architecture, including current and future providers, networking, provisioning, and management.
• Defines optimal design patterns and solutions for high availability and disaster recovery for applications.
• Ensures delivered solutions are realized in time frame committed; works in conjunction with project owners to size, scope and identify risk.
• Provides technical expertise in the diagnosis and resolution of an issue, including the determination and provision of workaround solution or escalation to owners.
• Ensures delivered solutions meets technical and functional/non-functional performance requirements within.
• Evaluate, design, and implement solutions for migrating on-premise applications to cloud hosting solutions
• Design, architect, and integrate cloud capabilities using FEDRAMP-certified leading cloud providers that include Azure, AWS, and GCP.
• Apply technical knowledge and customer insights to create a modernization roadmap and architect solutions to meet business and IT needs, ensuring technical viability of new projects and successful deployments, orchestrating key resources and infusing key infrastructure technologies (e.g. Windows and Linux IaaS, Security, Management, Storage, Networking)
• Provide high level cost and resource estimates for Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as Service (SaaS) offerings
• Use standardized process for mapping business needs to available cloud technology options, including assessment of risks and possible mitigations
• Architect, engineer, and deploy/provision secure and robust cloud services that include IaaS, PaaS, and SaaS and support service quality, outage management, subscription management, correlation of usage, and charges, and cost-efficient solution architecture.
• Use architectural design principles to develop robust, efficient, and secure cloud solutions based on customer requirements.
• Provide implementation guidance/support to the customer throughout the project life cycle.
• Develop tools and documentation to enable the support organizations to resolve customer issues, including complex technical scenarios dealing with cloud architecture.

KNOWLEDGE, SKILLS, AND ABILITIES
The successful candidate must be self-driven and possess the analytical skills to resolve challenging technical issues, often through collaboration with other technical subject matter experts. The candidate will serve as a technical resource to the team regarding cloud engineering, security, performance, deployment, and troubleshooting. The candidate must demonstrate the ability to think strategically about the customer's business needs and requirements, propose and architect appropriate solutions, and solve technical challenges.

Required Skills:

• CISSP certification
• 8+ years of information technology experience.
• 8+ years of experience implementing and supporting cloud-based cybersecurity
• 8+ years of hands-on experience with security monitoring tools such as IDS/IPS, FWs and NACs, Identity Management systems and protocols such as NetFlow (Snort, Bro, Palo Alto, Checkpoint, Cisco ISE, FireEye, Gigamon)
• 8+ years of experience as a Cybersecurity Solutions Architect
• Experience working with cloud services such as AWS, Azure and O365 and cloud access security brokers.
• AWS Control Tower experience
• Utilization
• Configuration
• Management
• AWS Guard Duty experience
• Activation
• Utilization
• Management
• Proficiency with:
• Tenable Nessus Security
• Hewlet Packard (HP) ArcSight
• IBM BigFix
• Knowledge and comprehensive understanding of U.S. federal IT security policies and implementation standards as documented in the National Institute of Standards and Technology (NIST) guidance to include, but not limited to, NIST Special Publications (SP) and Federal Information Processing Standards (FIPS) available online at Must be able to obtain a security clearance.
• Proficiency with enterprise architecture methodologies, concepts, procedures, principles, and tools, and experience in designing security elements of Service-Oriented Architectures
• Ability to research, recommend, and apply policies and emerging vulnerabilities to both short notice response and long-term vulnerability management program assignments. Proficiency in applying federally accepted IT Security concepts, methodologies, principles, procedures and using industry-standard IT Security tools.

Desired skills

• Certified Ethical Hacker (CEH) certification is desirable.
• Experience working with Datacenter and WAN infrastructures is preferred.
• Desired knowledge of working with government STIGs and vulnerability resolution.
• Federal government experience
• 2+ years' experience with Atlassian Suite (Jira, Confluence, Bitbucket)

Education and Experience:

• Bachelor's degree preferred (preferably in Computer Science, Engineering, Information Systems or a related field.)
• Expert knowledge of FedRAMP Cloud environment and requirements
• Proficiency in:
• verbal and written communications
• interpersonal skills
• handling multiple tasks concurrently
• project and time management.
• Ability to adjust to changing priorities.
• Competence in professional communications.
• Use of Word, Excel, and PowerPoint.
• Ability to collaborate and incorporate new information into existing efforts.