Steampunk, Inc.
Overview
The Cyber Risk Management Specialist (CRMS) will specialize in in-depth knowledge of the program's cyber security hygiene, DevSecOps, RMF, A&A, FedRAMP compliance, cATO and continuous monitoring. A solid grasp of confidentiality, integrity, and availability (CIA) security concepts is required. The candidate will be responsible for the technical implementation and enforcement of security hardening, vulnerability management, scan analysis, data analysis for metrics reporting, cloud environments, compliance with Federal regulation and policy, and commercial best practices relating to cyber security. The candidate must have the ability to be flexible and adaptive to a fast-paced, fluid business environment.
Responsibilities
Integrate security into DevOps effectively at every stage of the software development life cycle (SDLC). Identify security holes and potential breaches, work through multifaceted security issues, and create effective solutions based on understanding of risk posture and treatments. Develop and implement tactical strategies for seamless automation to optimize the IT infrastructure. Apply specialized knowledge of financial audit standards, classified system IA requirements, and Privacy Act requirements. Implement the NIST SP 800 family of publications, particularly those associated with the Risk Management Framework (RMF). Evaluate system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines. Apply in-depth, hands-on knowledge of FedRAMP regulations, process, and requirements to lead project and initiative teams in accrediting cloud products and services. Support external audits, data calls, and the Authorization to Operate (ATO) process by coordinating with organization system owners, engineers, CSPs and Third-Party Assessment Organizations (3PAO). Positively impact the organization's goals and operational mission through various forms of metric performance measuring tools used to evaluate adherence to compliance. Advise clients on FedRAMP requirements and provide security guidance on implementing security compliance controls per technical, management, and operational requirements. Implement, monitor, and assess NIST SP 800-53 security controls for cloud environments to ensure compliance with FedRAMP requirements and governance models. Ensure ongoing compliance with FedRAMP policy and requirements through monthly deliverables, regular vulnerability scanning, penetration testing, contingency testing, and annual security assessments performed by a 3PAO. Support ATO, cATO, and continuous monitoring activities including security documentation, audit logs, security incidents, and risk assessment.
Review and manage Plan of Action & Milestones (POA&M), including remediation tracking and reporting.
Qualifications
Ability to obtain a U.S. government Security Clearance
Master's Degree and 6 years of cyber and FISMA experience; OR Bachelor's Degree and 8 years of cyber and FISMA experience; OR No degree and 12 years of experience, 10 of which must be in cyber and FISMA
Possesses at least one professional certification: CISSP, CASP, CISA, CISM or GSLC
Preferred
Experience in FISMA, cloud cybersecurity architecture, compliance with Federal regulation and policy, and commercial best practices relating to cloud security. Experience in Information Security processes to include RMF, FedRAMP, Compliance, Continuous Monitoring, and Annual Assessments. Certifications in CISSP, CRISC, CCSP, CAP/CGRC. Certifications in AWS Certified Solutions Architect, AWS Certified Security, Microsoft Certified Solutions Architect, MCSE Cloud Platform and Infrastructure. Experience conducting assessments in a 3PAO, C3PAO, or risk auditing organization is desirable, but not required. Experience supporting systems in Agile environments.
About Steampunk
Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee owned company, we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.