Job Details
Title: Security Specialist
Location: Norfolk, VA (Hybrid)
Duration: 12+ Months
Visas: All apart from H1B, CPT
Job Summary:
Project Details:
- Analyse and assess the existing security posture of the Innovation Hub Laboratory Capability (IH, the Platform), and advise on and implement improvements.
- Draft, implement, advocate, and monitor policies within the Innovation Hub to drive a security-first mindset toward Information Security.
- Collaborate with relevant organizations to achieve ACT cloud-based information system (Platform) and software products accreditation, and to obtain specific Approval for Testing / Interim Authorization to Operate for products.
- Responsible, in collaboration with the Platform and product teams, for creating and maintaining all the necessary security documentation to enable rapid fielding of products onto networks.
- Provide security accreditation advice and guidance to projects and systems during the life cycle of products/services.
- Conduct Security Risk Assessment in support of products/services based on cloud computing architectures (public cloud); in particular, identify the level of threats and vulnerabilities for all the assets comprising products/services, derive the residual risks and provide risk management recommendations.
Must Haves:
- An active Certified Information Systems Security Professional (CISSP)
- Active National SECRET (or higher) security clearance
- University degree (BSc or MSc) in Information and Communication Technologies (ICT), Computer Science, or related discipline OR 8 years' experience as a Security Professional
Desired Skills:
- Experience working as a Security Professional within the enterprise and knowledge of Security Policy and supporting directives.
- Proven ability to develop and maintain all security documentation packages needed to achieve system accreditation, or familiarity with information system accreditation/approval processes.
- Experience with planning, researching and developing security policies, standards and procedures.
- Able to identify, engineer, implement, and monitor security measures for the protection of computer systems, networks, and information, based on security risk assessment methodologies and tools.
- Knowledgeable about (self-hosted) cloud native applications, and associated production cycles.
- Knowledgeable about industry standard security tools (for example SonarQube, Nessus, etc.) and able to create tailored configurations applicable to specific information systems.
- Demonstrated ability to write clear and concise reports and effectively communicate technical information to a non-technical audience.
- Proven knowledge of modern software solutions, technologies and concepts (anti-virus software, intrusion detection, firewall, content filtering, Cloud, Docker, IdAM, Proxy, CI/CD, technology stacks, and other relevant technical concepts) and their relevance to security.
- Proven knowledge of software development (Agile / DevSecOps) as, for example, Developer or Solution/Software Architect, and its relevance to security.
- Knowledge of information security management frameworks ISO/IEC 27001 and/or ISO/IEC 27005.
- An active Certified Information Systems Security Professional (CISSP)
- AWS (or similar) Security Specialties certification.
- Fluent in English (written and oral).
- Active National SECRET (or higher) security clearance.