Location: Woodlawn, MD
FosterThomas, a Mid-Atlantic Staffing and Recruiting Firm, is leading the search for a Security Architect for our Client located in Woodlawn, MD.
The Security Architect is an individual with assigned responsibility for maintaining the appropriate operational security posture for a federal information system or program. This individual would require hands-on experience evaluating, designing, documenting, implementing, operating, testing, and monitoring security and privacy controls that support the information system security and privacy program. The Security Architect will be responsible for driving architecture and system design to align with all applicable security policies and requirements.
- Provide SME support on security system standards for network, application, and database; provide technical support as needed.
- Advise customers on security best practices based on infrastructure need.
- Evaluate the customer's current security posture and report on possible deficiencies.
- Prepare security reports by collecting, analyzing, and summarizing data and trends.
- Develop custom, efficient, complete Cloud management strategies for AWS and other cloud providers.
- Network, Application and Database Security hardening background, Network Hardware Configuration, Network Protocols, Networking Standards, Data analysis capabilities
- Familiarity with security tools such as vulnerability/network scanners, firewalls, intrusion prevention, data loss prevention, and assessment tools
- Familiarity with NIST Cybersecurity Standards (NIST SP 800-53, 800-171), FISMA, and HIPAA Security Standards
- Supervision, Conceptual Skills, Decision Making, Informing Others, Functional and Technical Skills, Dependability, Information Security Policies
- Active Security+, CISSP, CISM, CISA or other applicable security certifications
- Must be able to obtain and maintain a Public Trust clearance.
- Must be able to work a 40-hour workweek, normally Monday through Friday. However, times and days may vary depending on business requirements. Needs to be available to work overtime during critical peaks and be available to meet last minute requests for overtime should the situation occur.
- Work with developers to refine security checkpoints in the SDLC and make sure information security risks are managed throughout all the phases of the SDLC.
- Use automated tools to perform source code security analyses to identify vulnerabilities and attack vectors in web applications.
- Provide FedRAMP requirements and guidance.
- Provide Federal Information Security Management Act (FISMA) support and subject matter expertise.
- Recommend system architecture solutions based on industry best practices and knowledge of Federal and organizational security guidelines.
- Perform periodic internal audits, vulnerability assessments, and Web Application testing.
- Maintain current knowledge of relevant technology as assigned.
- Work with developers to support secure coding practices, explain application-related security findings and how to reproduce them, and make sure information security risks are managed throughout all the phases of the SDLC.
- Support, implement, maintain, and monitor security and privacy controls in compliance with FISMA, HIPAA, FedRAMP, and NIST RMF requirements and guidance.
- Plan, document, implement, assess, maintain, and monitor security and privacy controls in accordance with requirements, policies, standards, processes, and procedures documented in the CMS BPSSM, ARS 3.1, TRA, and RMH.
- Experience using vulnerability scanners such as Nessus, OpenVAS, Retina or Nexpose.
- Experience running static analysis / static application security testing tools such as SonarQube, Fortify or Veracode.
- Experience running dynamic application security testing tools such as WebInspect, AppSpider, Acunetix, AppScan, Qualys, Burp Suite Pro or OWASP ZAP.
- Experience running component analysis tools such as Sonatype Nexus IQ, Synopsys Black Duck, OWASP Dependency-Check/Track.
- Proficient in Microsoft Office (Word, Excel, PowerPoint, etc.) and Visio.
- Ability to leverage Microsoft Project for project planning.
- Hands-on experience with implementing, documenting, maintaining, and monitoring CMS Acceptable Risk Safeguards control requirements.
- Experience in implementing and enforcing policies, procedures and guidelines in a complex environment.
- Experience assisting with the implementation of an automated CI/CD DevSecOps pipeline
- Experience in the development, implementation and operation of IT Security Strategy within a complex environment.
- Knowledge and experience with security best practices and relevant legislation.
- Experience with IT Security management, access policy and management, authentication and SSO, authorization, audit, secure communications and network protection, data protection and privacy, and security administration.
- Understanding of, and ability to communicate, security and risk implications to technical and non-technical audiences.
- Experience working as part of an agile scrum team, assisting with security-related tasks and deliverables associated with bi-weekly sprints.
- Excellent interpersonal, verbal and written communication, and organizational skills - must be able to communicate fluently in English both verbally and in writing
- Should be extremely fact- and data-oriented.
- Should be deadline- and closure-oriented.
- Strong persuasion, facilitation and influencing skills.
- Should be self-driven.
- Strong analytical, organizational and project management skills.
- Demonstrated ability to lead and work with cross functional teams including senior level individuals.
- Must be able to thrive in a fast-paced, rapidly evolving environment with varying priorities, based on a team building culture.
- Must have lived in the United States at least 3 out of the last 5 years.