ECS is seeking a Cloud Security Specialist (Int) to work in our Morgantown, WV office Please Note: This position is contingent upon [contract award].Job Description:ECS is seeking a Cloud Security Specialist (Int) to work in our Morgantown, WV office. Please Note: This position is contingent upon contract award.Job Description:ECS is seeking a qualified Cloud Security Specialist (Int) to support transformative science and technology solutions for the Department of Energy.In this role you will work directly with administrators to architect secure systems. Independently assess systems for secure configuration and compliance to Federal, NIST 800-53, and Treasury directives. Thoroughly and accurately write security documentation including System Security Plans and Security Assessment Reports. Brief management and administrators on findings. Expect to work directly with administrators to identify and remedy findings and self-direct work to meet OFR deadlines. Design, develop, engineer, and implement solutions to MLS requirements. Perform complex risk analyses which also include risk assessment. Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands. Support customers at the highest levels in the development and implementation of doctrine and policies. Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures. Perform analysis, design, and development of security features for system architectures.Engage directly with administrators and advise them on how to securely configure and administer their applications and operating systems.Perform risk assessments on major applications and technologies and advise management of risks involved in system operation.Perform the work to complete and write from scratch all of the following documentation in a thorough, accurate, and grammatically correct manner:Security Assessment Reports.
Security Impact Asse ssments.
System Security Plans.
Risk Assessments.
Security Risk Compliance Matrix.
Certification Memos.
Accreditation Memos.
Risk Acceptance Memos.
POAMs.
Architect secure systems by direct engagement with system and application administrators.
Assess system compliance with federal information security mandates, DOE Directives, and NIST guidance-and advise management when compliance is deficient.
Read results of vulnerability scans, identify false positives, and work with administrators to resolve vulnerabilities.
Brief management and administrators on findings and recommendations.
Be proactive, self-directed, and align schedule to meet OFR deadlines.Daily Activities:Analyze and defines security requirements for MLS issues. Design, develop, engineer, and implement solutions to MLS requirements. Guide effort to gather and organize technical information abo ut an organization's mission goals and needs, existing security products, and ongoing programs in the MLS arena. Perform risk analyses which also includes risk assessment. Develop security standards.Required Skills:Must be a US Citizen per contract.
Bachelor's Degree in information technology or network security AND two years of related work experience in cloud security best practices.ORAssociate's Degree in information technology or network security AND four years of related work experience in cloud security best practices.ORSix years of related work experience in cloud security best practices.
