Sr Security Consultant (FedRAMP)
Duties & Responsibilities:
Sr. Security Consultants are leaders in the NIST/FedRAMP advisory space who bring deep knowledge of client engagement, business development, and practice management. Using your strong experience with FedRAMP and FISMA and your familiarity with the NIST Risk Management Framework, you will support and lead teams that perform advisories and assessments of cloud computing technologies against federal compliance requirements.
As a Sr. Security Consultant, you will be responsible for supporting and leading client engagements, assigning work, reviewing team contributions, and assuring quality reports are provided. We recommend solutions to meet each client's specific challenges and build long-term strategies that can help them identify, prevent, respond, and recover from security breaches and data theft. We're on the cutting edge of one of the world's most important industries, and we protect our clients from ever-evolving security threats through our innovative advisory, auditing, and ethical hacking solutions. We're growing rapidly and are currently seeking a Senior Security Consultant to join our cyber advisory team.
What you'll do:
- Lead IT system security consultation within cloud-based environments in accordance with NIST SP 800-53, 800-37, OMB, and other authoritative IT security guidance
- Develop System Security Plans, Continuous Monitoring Plans, and Incident Response Plans in accordance with NIST requirements
- Provide direction for scheduling, project sequencing, and resource management; assist with managing client expectations and performing project management
- Prepare, review, update, and maintain IT security supporting artifacts
- Provide IT security guidance to Information System Owners
- Identify information security problems and challenges, then research and develop technical solutions to rectify them
- Execute examine, interview, and test assessment procedures in accordance with NIST SP 800-53A Revision 4
- Ensure cyber security policies are adhered to and that required controls are implemented
- Validate information system security plans to ensure NIST control requirements are met
- Author recommendations based on findings to improve security postures compliant with NIST controls
- Develop Security Authorization Packages that are compliant with FedRAMP and DoD requirements under the supervision of senior staff members. Package components include: System Security Plans, Contingency Plans, Configuration Management Plans, Incident Response Plans, Privacy Impact Assessments, Security Assessment Plans, and Security Assessment Reports.
- Assist in the review and analysis of Security Authorization Packages for completeness and compliance with FedRAMP and DoD requirements.
- Participate in client interviews to complete Security Authorization Packages and Security Assessments.
- Ensure existing systems' Security Authorization Packages remain up to date throughout the system life cycle.
- Provide review and analysis of vulnerability scan results from tools such as Nessus, Qualys, AppDetective, WebInspect, IBM AppScan, Burp Suite, etc.
- Build a customer-focused relationship with client(s).
- Collaborate across multiple internal teams to ensure successful delivery of results based on scope of work.
- Establish standards and procedures to minimize risks.
- Present proposals to clients.
- Drive working sessions with clients to ensure expectations and direction are aligned and timelines are being met.
- Demonstrate ability to lead projects through the project lifecycle from initiation to project closure.
Required Education and Experience:
- Bachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experience
- Five to ten (5-10) years of experience as a consultant within professional IT services
- Deep experience with government compliance, including FISMA, FedRAMP, and DoD RMF
- Strong knowledge of NIST Special Publications 800-30, 800-37, 800-53
- Experience with every step within the delivery of Certification and Accreditation (C&A) / Assessment and Authorization (A&A) packages that have obtained and maintained full authorization to operate (ATO)
- Strong background in commercial cloud environments: architectures, technologies, and services
- Strong written and verbal communication skills, with attention to detail
- Familiarity with statutes and regulations across multiple industries relevant to IT (e.g. SOX 404, HIPAA, FedRAMP, GLB, Patriot Act)
- Security-focused industry certifications such as AWS Security Architect Professional, AWS Security Specialist, AWS Associate Architect, CISA, CISM, CISSP, CCSP, CRISC, CCISO
- Knowledge of information security related solutions, tools, and utilities
- Excellent verbal and written skills
- Ability to assist team members with proper artifact collection and to provide clients with detailed examples of artifacts that satisfy assessment requirements
Required Technical Competency Skills:
- Bachelor's degree (4-yr college or university) or equivalent combination of education and experience
- 8-10 years of experience in either auditing or consulting
- 5-8 years of experience is acceptable with the right skill set and exposure to many systems in a short time, e.g. having worked in a Government or DoD Program Management Office
- Strong NIST experience (in order of preference): NIST SP 800-53, FedRAMP, RMF, FISMA, NIST SP 800-171
- Demonstrated familiarity with NIST 800 series guidelines (800-30, 800-37, 800-53 and 53A, 800-60, etc.).
Required Soft Skills:
- Broad based IT background with a technical understanding of networks, protocols, security configurations, cryptography, identity and access management, and the systems development life cycle.
- Provide technical expertise and remain current on cloud computing, cybersecurity, and technology trends in the marketplace.
- Minimum three (3) years of experience in the IT industry with strong familiarity with NIST Special Publications (SP) 800-37 Revision 1, 800-53 Revision 4, and 800-53A Revision 1
- Applies attention to detail, accuracy, and thoroughness in all work products.
- Demonstrated skills in the entire Microsoft desktop suite (Word, Excel, PowerPoint, etc.).
- Broad knowledge of cloud computing, containerization, microservices architecture, orchestration tools, and DevOps tools such as Terraform, HashiCorp products, the ELK Stack, Kafka, Hadoop clusters, Kubernetes, and HAProxy/NGINX; service directory tools such as Register, consul-template, and Spring; and configuration management tools such as Chef, Puppet, Ansible, Salt, etc.
- Provide technical expertise and remain current on technology trends in the marketplace.
- Strong written and verbal communication skills including the ability to explain technical matters to non-technical audiences
- Excellent communication skills, both written and verbal with strong presentation skills.
- Ability to translate technical materials and issues into non-technical/layman terms.
- Ability to interact with clients and represent Bladestack.io in a professional manner.
- Ability to successfully manage multiple tasks.
- Serve as mentor to Associate Security Consultants and Security Consultants on best practices.
- Team player able to work well with others in a collaborative manner and is a self-starter who can work with minimum supervision.
- Work to continually build and improve solid and well-rounded practices and processes
- At least one of the following certifications, in order of preference: AWS Security Architect Professional, AWS Security Specialist, AWS Associate Architect, CISA, CISM, CISSP, CCSP, CRISC, CCISO
- A second certification, in order of preference, to be obtained within 6 months or by conversion date: AWS Security Specialist, AWS Associate Architect, CISA, CISM, CISSP, CCSP, CRISC, CCISO
- Able to obtain a clearance.
- Additional industry certifications, such as AWS Solutions Security Specialist, AWS Solutions Architect Professional, Azure certifications, or others
- Additional project management certifications such as Project Management Professional (PMP), Program Management Professional (PgMP)
Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").