Cyber Security Technical Lead - Fairfax, United States - Gridiron IT

    Gridiron IT
    Gridiron IT Fairfax, United States

    2 weeks ago

    Default job background
    Description
    GridIron IT is seeking a Cloud Security Technical Lead to work on a remote basis.

    Ability to obtain Public Trust Clearance Required


    Cloud Cyber Security Assessor, who is Subject Matter Expert (SME) in Cloud technologies, and conduct vulnerability assessments on a wide variety of client applications.

    This is an opportunity for a team player who would like to work with a world-class team and is eager to grow their cyber security skills.


    Essential FunctionsThe Cloud Cyber Security Assessor, as a SME on multiple cloud platform and technologies is responsible to performing hands-on technical testing of the application.

    Conduct application security assessments (web application, web service, etc.) in federal government space for mission critical application hosted in AWS, Microsoft Azure, hybrid cloud and physical datacenter.

    These assessments involve manual testing utilizing testing tools, manual techniques, and analysis as well as the use of automated application vulnerability scanning/testing tools and/or code review tools.


    Responsibilities include:


    Proficient in all aspects of Cloud Security including identity and access management, defining organizational structure and policies, using Cloud technologies to provide data protection, configuring network security defenses, collecting and analyzing logs.

    Attaining an accurate understanding of the application logic and architecture.

    Performing manual security assessment testing in determining the following:

    Whether application security controls have been implementedAre technical controls are working as intendedProducing the desired results

    Discover the design, implementation, and operational flaws that could violate organization's IS Policies, Standards, Procedures and Guidelines.
    Using automated tools such as Nessus, WebInspect, SNYK, SNORT, PowerShell, Nmap and Burp Suite to scan system for vulnerabilities.

    Provide technical expertise in IT Security Risk Management functionsEnhance and perform standard operating procedures as applicable for systems to be assessed for an Authorization to Operate (ATO)Performing analysis of automated vulnerability scanning tool results to identify system vulnerabilities.

    Identifying system deviations leveraging best security practices such as NIST, and SANS.Documenting findings and consulting with security assessment team members to verify/corroborate system findings.

    Interviewing application system staff; and presenting application findings during the daily stakeholder briefing.
    Write assessment report of findings, debrief via conference calls to system owners and consult on remediation options.
    Retest security vulnerabilities that have been identified as fixed to verify remediation is effective.
    Contribute to security assessment, tooling, and reporting methodology enhancements.
    Stay up-to-date in current tools, techniques, and vulnerabilities to incorporate into testing practicesAny other services as reasonably requested by EIT


    Qualifications:
    Technical bachelor's degree with 10 or more years' related work experience.

    Technical Maters Degree with 7 or more years' related work experience (Technical degree defines as in Information Assurance, Cyber security, Computer science or information technology field of study)Must have CISSP, Security+, CEH, CCSK, AWS Architect certification.

    Professional certifications like, CISA, CISM, CAP; CASP; CISO; CCFE are nice to have.

    Expertise with Cloud Platform (AWS and Microsoft Azure) with AWS/Cloud related CertificationExpertise in server less technologies including containers and orchestration (Docker, Kubernetes, AWS Container service etc).Working knowledge of the cloud FedRAMP processThrough understanding of CDM for application security vulnerabilities and mitigation.

    Experience evaluating ATO security documentation and templates, including but not limited to SSPs, POAMs, Contingency Plans, Scoping templates.5+ years' experience performing application security assessments and penetration testing using manual techniques plus dynamic vulnerability testing tools (including Nessus, WebInspect, and Burp Suite, web proxies, scanners) and static code review tools to identify exploitable vulnerabilities, including testing techniques used to exploit vulnerabilities in the OWASP Top Ten lists.5+ years' experience in various system administrator/engineering tasks on Windows and Linux operating systems.

    Experience with tools like SNORT, PowerShell, Python, Forensic Tools, IDS, IPS, SPLUNK and SnowFlakeIn depth Knowledge of common server applications such as IIS, Apache, LDAP, Tomcat, sshIn depth Knowledge of common network protocols such as HTTP/HTTPS, TCP/IP, UDPAbility to obtain Public Trust clearance.

    Gridiron IT Solutions is an Equal Opportunity Employer.

    All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status or disability status.

    Gridiron IT is a Women Owned Small Business (WOSB) company specializing in IT Infrastructure, Cyber & Cloud Security, Software Development, and Enterprise Support.

    Gridiron is an Inc recipient and Washington Business Journal Fastest Growing Companies in the Greater Washington Area for 2022. Gridiron offers a competitive benefits package to include medical, dental, vision, 401(k), life insurance, disability insurance, and pet insurance.
    #J-18808-Ljbffr