Design. Disrupt. Repeat.
Be an agent of change on a team committed to achieving client-focused, mission-driven excellence. Steampunk is the explosive collision of human-centered design and traditional government contracting. We are an employee-owned company with a startup mindset and time-tested approaches tailored for the federal government. We’re passionate about creating solutions that are impactful, practical, and scalable while meeting our clients’ ever-changing needs. We believe in empowering our people to find creative solutions to intractable problems. We believe the best environment in which to grow and thrive is outside our comfort zone. We believe that while good design makes for a good product, human-centered design makes for an excellent one.
Steampunk is seeking a Cloud Security SME with years of experience leveraging federal regulatory and health science expertise to advance the adoption of secure cloud implementations for our federal customers. The primary responsibilities for the position are to support all activities that architect secure cloud implementations, support documentation and control implementation for security authorizations (ATOs), and advocate and implement security best practices to reduce the organization’s level of risk when migrating to or leveraging the cloud. The nature of the work requires that the candidate demonstrate initiative, organization, responsibility, customer service skills, and the ability to be flexible and adaptive to a fast-paced, fluid business environment. The candidate must be able to communicate effectively and decisively with all levels of the organization, be able to solve complex problems, and exercise sound judgement with regard to sensitive and confidential information.
Contributions
As a Cloud Security SME, you'll play a crucial role in securing an organization's information systems and data, particularly in federal government agencies where data security and compliance are paramount. Your contributions will encompass a wide range of responsibilities and activities aimed at safeguarding sensitive information, complying with regulations, and mitigating cybersecurity risks.
- Identify and implement the most secure cloud-based solutions for the customer including components for zero-trust architectures, identity and access management policy, and data privacy
- Understanding the needs of stakeholders and optimizing solutions that marry security with usability
- Monitor cloud environments for suspicious activities with cloud native monitoring or SIEM solutions and investigate security incidents where appropriate
- Ensure that systems are safe and secure against cybersecurity threats through risk assessment, threat modeling, and compliance with industry standards (e.g. NIST, ISO 27011, HIPAA, FISMA, etc.)
- Automate security processes such as vulnerability management and patch management
- Ensure effective design and implementation of data protection and encryption mechanisms for data at rest and in transit
- Document as-is state of the environment, perform a gap analysis, and produce artifacts that articulate options and recommendations
- Review and assess the security architecture of new systems, applications, and technologies to identify and mitigate potential risks.
- Lead in the design and development of tools that automate compliance activities.
- Recommend appropriate mitigation measures and advise on proper design trade-offs in terms of potential impacts and cost benefits.
- Proactively create, monitor and update the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates.
- Review and update security authorization documents as needed, but at least annually
- Perform system self-assessments as part of the customer's Ongoing Authorization program
- Provide audit support for assigned systems (Financial, A-123, FISMA, internal, DHS, etc.), throughout the audit (Pre, During, and Post Audit).
- Participate in DevOps Sec (security integrated into Agile processes) requirements for assigned systems.
- Ensure CM processes are followed to ensure that any changes do not introduce new security risks.
Qualifications
Required:
- Ability to obtain a U.S. government Security Clearance
- BS Degree in an IT field OR BS in a non-IT field and 8 years related IT experience
- 8 Years of Experience supporting Information Assurance or Cloud Security programs
- 5 Years of Experience architecting, designing, developing, and implementing cloud solutions
- 5 Years of Experience with one or more clouds (i.e. AWS, Azure, or GCP)
- 5 Years of Experience with systems development in an Agile environment
- 3 Years of Experience conducting monitoring, risk assessment, threat modeling and security testing in cloud environments
- 3 Years of Experience documenting POAMs, SSPs, and A&A support documentation
- Must possess an information security certification
- Excellent written and verbal communication skills, interpersonal and collaborative skills
- Experience with documenting an as-is state of the environment, performing a gap analysis, and producing artifacts that articulate options and recommendations preferred
- Extensive specialized knowledge of cloud engineering or application and design
- Specialized knowledge and experience in:
  - Evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines
  - Knowledge and experience with vulnerability scanning execution, assessment, and analysis
  - Evaluating operating system and network engineering (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN])
  - Evaluating application security, database security, and network security
  - Supporting vulnerability scanning, assessment, and analysis
  - Leveraging federal information security regulation, standards, assurance principles (e.g., Defense-in-depth) and associated supporting technologies
- Hands-on experience with AWS and Azure
Preferred:
- Able to commute to limited in person activities in the Washington, DC Metro area
- Ability to possess a certification in at least two of the four CSPs: AWS, Azure, GCP, or OCI
- Hands-on experience with GCP and OCI
About steampunk
Steampunk relies on several factors to determine salary, including but not limited to geographic location, contractual requirements, education, knowledge, skills, competencies, and experience. The projected compensation range for this position is $130,000 to $190,000. The estimate displayed represents a typical annual salary range for this position. Annual salary is just one aspect of Steampunk’s total compensation package for employees. Learn more about additional Steampunk benefits here.
Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee-owned company, we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.