Security Architect, Woodlawn, MD
Our client is seeking a Senior Architect for a contract to hire opportunity in Woodlawn, MD.
All candidates must have lived in the United States at least three (3) out of the last five (5) years prior in order to be considered.
Clearance: Must be able to obtain and maintain a Public Trust clearance.
Schedule: Must be able to work a 40-hour workweek, normally Monday through Friday. However, times and days may vary depending on business requirements. Needs to be available to work overtime during critical peaks and be available to meet last minute requests for overtime should the situation occur.
Residency: Must be a US Citizen or Green Card Holder due to client requirements.
Note: Will initially work remote due to current COVID-19 situation, then will be required to be on-site full time once stay at home restrictions are lifted.
The Security Architect is an individual with assigned responsibility for maintaining the appropriate operational security posture for a federal information system or program. This individual would require hands-on experience evaluating, designing, documenting, implementing, operating, testing, and monitoring security and privacy controls that support the information system security and privacy program. The Security Architect will be responsible for driving architecture and system design to align with all applicable security policies and requirements.
- Provide SME support on security systems standard for network/ application / database; providing technical support as needed.
- Advise customers on security best practices based on infrastructure need.
- Evaluate customer current security posture and report on possible deficiencies.
- Prepares security reports by collecting, analyzing, and summarizing data and trends.
- Develop custom, efficient, complete Cloud management strategies for AWS and other cloud providers.
- Provide FedRAMP requirements and guidance.
- Provide Federal Information Security Management Act (FISMA) support and subject matter expertise.
- Recommend system architecture solutions based on industry best practices and knowledge of Federal and organizational security guidelines.
- Performs periodic internal audits, vulnerability assessments, and Web Application testing.
- Maintains current knowledge of relevant technology as assigned.
- Use automated tools to perform source code security analyses to identify vulnerabilities and attack vectors in web applications.
- Experience using vulnerability scanner such as Nessus, OpenVAS, Retina or Nexpose.
- Experience running static analysis /static application security testing tools such as SonarQube, Fortify or Veracode.
- Experience running dynamic application security testing tools such as WebInspect, AppSpider, Acunetix, AppScan, Qualys, Burp Suite Pro or OWASP ZAP.
- Experience running component analysis tools such as Sonatype Nexus IQ, Synopsys Black Duck, OWASP Dependency-Check/Track.
- Proficient in Microsoft Office (Word, Excel, PowerPoint, etc.) and Visio.
- Ability to leverage Microsoft Project for project planning.
- Network, Application and Database Security hardening background, Network Hardware Configuration, Network Protocols, Networking Standards, Data analysis capabilities
- AWS Cloud Practitioner, or AWS Solution Architect Certification
- Security tools familiarity such as Vulnerability/ Network scanners, Firewalls, Intrusion prevention, Data loss prevention, Assessment tools
- Familiarity with NIST Cybersecurity Standards (NIST SP 800-53, 800-171), FISMA, and HIPAA Security Standards
- Supervision, Conceptual Skills, Decision Making, Informing Others, Functional and Technical Skills, Dependability, Information Security Policies
- Active Security+, CISSP, CISM, CISA or other applicable security certifications
- Work with developers to refine security checkpoints in the SDLC and make sure information security risks are managed throughout all the phases of the SDLC.
- Work with developers to support secure coding practices, explain application-related security findings and how to reproduce them, and make sure information security risks are managed throughout all the phases of the SDLC.
- Support, implement, maintain, and monitor security and privacy controls in compliance with FISMA, HIPAA, FedRAMP, and NIST RMF requirements and guidance.
- Plan, document, implement, assess, maintain, and monitor security and privacy controls in accordance with requirements, policies, standards, processes, and procedures documented in the CMS BPSSM, ARS 3.1, TRA, and RMH.
- Excellent interpersonal, verbal and written communication, and organizational skills - must be able to communicate fluently in English both verbally and in writing
- Should be extremely facts and data oriented.
- Should be deadline and closure oriented.
- Strong persuasion, facilitation and influencing skills.
- Should be self-driven.
- Strong analytical, organizational and project management skills.
- Demonstrated ability to lead and work with cross functional teams including senior level individuals.
- Must be able to thrive in a fast-paced, rapidly evolving environment with varying priorities, based on a team building culture.
- Hands-on experience with implementing, documenting, maintaining, and monitoring CMS Acceptable Risk Safeguards control requirements.
- Experience in implementing and enforcing policies, procedures and guidelines in a complex environment.
- Experience assisting with the implementation of an automated CI/CD DevSecOps pipeline
- Experience in the development, implementation and operation of IT Security Strategy within a complex environment.
- Knowledge and experience with security best practices and relevant legislation.
- Experience with IT Security management, access policy and management, authentication and SSO, authorization, audit, secure communications and network protection, data protection and privacy, and security administration.
- Understanding of, and ability to communicate, security and risk implications to technical and non-technical audiences.
- Experience working as part of an agile scrum team, assisting with security-related tasks and deliverables associated with bi-weekly sprints.
- Only those individuals selected for an interview will be contacted.
- No calls, inquiries, or Third Party Vendors please.
- We are an equal opportunity employer (Unable to sponsor H1B Visas).
- $1000 Referral Bonus - www.aci.com.
Since 1988, The ACI Group, a Baltimore-based IT staffing firm, has been committed to hiring the industry’s leading professionals, and presenting exciting career opportunities. We have access to varied types of contract, permanent and contract-to-perm positions and offer a choice of employment options including a full benefits package.
Submit your resume for this job