Security Officer

19 May 2024

Vacancy expired!

Seeking a Security Officer

100% Remote

Description:

It’s a mix but weighted towards ISSO-related duties. The ideal candidate would be very strong in creating compliance documentation (ATO docs), understand the process, and be comfortable in that ISSO role. BUT I also need someone who has managed security and compliance for cloud systems, understands cloud (AWS preferably) terminology, and can be a part of technical conversations (at least at a high level). Regarding Vulnerability Analysis, the candidate should have previous experience managing the process of vulnerability/compliance remediation. They should at a minimum be able to review Tenable reports and manage the remediation process. Candidate should also be comfortable working in an Agile team; looking for someone with a DSO mindset.

  • Security Tools: Preferred: Tenable.sc (or .io or Nessus). Desirable: JFrog Xray, Snyk, AWS Security Hub.
  • Agile Tools: Preferred: JIRA/Confluence.
  • Frameworks: Preferred: CMS Acceptable Risk Safeguards (ARS), Target Life Cycle (TLC). Also Desirable: RMF and NIST 800 Series.

Previous CMS experience highly desirable but not required.

Job Description:

We’re seeking a Security Officer responsible for implementing security tools, security tool usage, and ensuring tools remain compliant and configured properly, all the while ensuring a successful program ATO. The Security Engineer is responsible for monitoring, evaluating, and maintaining systems and procedures to safeguard internal information systems, networks, databases, and Web-based assets.

Responsibilities:

  • Conducts vulnerability assessments and monitors systems, networks, databases and Web-based assets for potential system breaches.
  • Recommends and takes the lead on implementing changes to enhance security systems, prevent unauthorized access, and help mitigate security vulnerabilities.
  • Responds to alerts from information security tools.
  • Reports, investigates, and resolves higher-level security incidents.
  • Responds to security tool outages and degradations in service, tunes security rules and alerts, and sets up and maintains security tool dashboards and reporting.
  • Researches security trends, new methods, and techniques used in unauthorized access of data in order to preemptively eliminate the possibility of system breach.
  • Ensures compliance with regulations and privacy laws.
  • Conducts research to identify new attack vectors.
  • Educates and communicates security requirements and procedures to all users and new employees.
  • Applies iterative security automation to all program aspects, increasing overall security posture iteratively, and never accepts the status quo.
  • Designs, develops, engineers, and implements solutions to security requirements.
  • Performs risk analyses which also include risk assessment.
  • Assists with coordination and implementation of the organization’s information security.
  • Works tirelessly to ensure developers create the most secure systems in the world while enhancing the privacy of all system users.
  • Performs white-hat hacking; fundamental computer science concepts strongly desired.
  • Performs security audits, risk analysis, application-level vulnerability testing, and security code reviews.
  • Develops and implements technical solutions to help mitigate security vulnerabilities.

Required Qualifications:

  • Minimum of 4 years related experience.
  • A Bachelor’s degree in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline. With six years of general information technology experience and at least four years of specialized experience, a degree is not required.
  • A working knowledge of several of the following areas is required: understanding of business security practices and procedures; knowledge of current security tools available; hardware/software security implementation; different communication protocols; encryption techniques/tools; familiarity with commercial products; and current Internet technology.
  • Understands continuous automated security practices applied to data and application engineering teams.
  • AWS Cloud, AWS EMR.
  • Experience with designing security “baked-in” to any architecture: Cloud and IaC, Applications, Web application, Data Processing, Data Centric Applications, AI/ML, CICD Pipelines; seeks automation-driven designs.
  • Experience with Security Information and Event Management (SIEM) systems.
  • Demonstrated work experience with the following: computer networking, cryptography, security engineering and architecture, vulnerability assessments, or operating systems required.
  • Broad experience using cloud services, Linux systems, and Development/Data engineering core tools: GitHub, GitHub Actions, Security Tools, etc.
  • Demonstrated working knowledge of vulnerability assessment and penetration testing tools.
  • Understands how to assess vulnerabilities and provide recommendations regardless of first-hand knowledge of the application or system.
  • Proven ability to work effectively both independently and/or in a team setting.
  • Ability to communicate technical information to a non-technical audience.
  • Must possess strong analytical and problem-solving abilities, and strong critical-thinking skills in complex communication environments.
  • Strong attention to detail.
  • Required to manage and follow through on multiple independent tasks and dependencies across intra/inter-project teams.
  • Excellent organizational and time-management skills in a fast-paced environment.
  • Excellent customer service skills with the ability to deal tactfully, confidently, and ethically with both internal and external customers.
  • Experience with Government Agency Security Assessment Process in support of maintaining and/or establishing an ATO and the appropriate boundary.
  • Experience with Agile methodologies.
  • Experience with Atlassian Jira/Confluence.
  • Excellent command of written and spoken English.
  • Ability to obtain and maintain a Public Trust; residing in the United States.

Skills:

RMF, Security, Risk management, Cyber security, NIST, Information security, Vulnerability, Compliance, Security policy, Cloud, Security controls, AWS, Tenable, Nessus, NIST 800, ATO, vulnerability assessment, compliance remediation, eMASS, Information assurance, CISSP, Security+, JIRA, Confluence

Additional Skills & Qualifications:

Desired Qualifications:

  • Experience working in the healthcare industry or Government Agency: CMS.
  • Federal Government contracting work experience.
  • Highly preferred industry certification such as the CISSP, CEH, GIAC, etc.

About TEKsystems:

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

We are an equal opportunity employer and will consider all applications without regard to race, genetic information, sex, age, color, religion, national origin, veteran status, disability or any other characteristic protected by law. Applicants with disabilities who require an accommodation or assistance applying for a position, please call 888-472-3411 or email mpowers@teksystems.com. This is a dedicated line designed exclusively to assist job seekers whose disability prevents them from being able to apply online. Messages left for other purposes will not receive a response.

Full-time
  • ID: #49967591
  • State: Virginia Fairfax 22030 Fairfax USA
  • City: Fairfax
  • Salary: USD TBD TBD
  • Showed: 2023-05-19
  • Deadline: 2023-07-19
  • Category: Et cetera