Senior Cloud Security Specialist

Other Jobs To Apply

No other job posts for this day.

Seize your opportunity to make a personal impact as an Senior Cloud Security Specialist supporting the Case Management Modernization (CMM) Program.  The CMM program is an initiative to support the Administrative Office of the US Courts (AO) in developing a modern cloud-based solution to support all 204+ federal courts across the United States.

GDIT is your place to make meaningful contributions to challenging projects and grow a rewarding career. The Senior Cloud Security Specialist will work as part of the CMM Enterprise Data Warehouse (EDW) team to deploy a secured cloud-native EDW platform and support the statutory and operational reporting, data cataloging, and other analytical objectives.

RESPONSIBILITIES:

  • Provide subject matter expertise for implementing secure by design concept into development to include security design principles, data protection, threat and vulnerability management, compliance and governance, threat and vulnerability management, and performance risk assessments.
  • Provide an advanced level of information security expertise needed to solve difficult challenges pertaining to the design and implementation of information security solutions, which may include, but is not limited, to networking, operating system, application and database security relative to both techniques and technologies.
  • Identify, document, and automate the integration of security controls into the enterprise architecture and system development life cycle process enabling ongoing (continuous) security monitoring, automated security authorization, and transparent risk reporting.
  • Gain organizational approval for the design and architecture of security requirements for cloud environment including the DWaaS component. Implement and maintain upon approval.
  • Design, implement and maintain layered system security architectures encompassing software, hardware, and communications to support the requirements and provide for present and future cross-functional needs and interfaces.
  • Provide subject matter expertise and hands-on guidance to teams for embedding secure-by-design principles throughout the product lifecycle, including threat modeling and secure coding practices.
  • Design and implement cloud workloads, services, databases, etc. with security as a primary consideration, including network segmentation, granular access control, data protection, and encryption and zero trust principles.
  • Integrate automated security testing in the CI/CD pipelines enabling real-time feedback and rapid remediation of vulnerabilities during development and deployment.
  • Collaborate with the AO Information System Security Office (ISSO) to schedule periodic penetration testing and conduct vulnerability assessments.
  • Provide monthly and ad hoc reports on identified vulnerabilities, remediation actions, and security breaches covering all access layers (database, application, infrastructure). Include trend analysis and recommendations for continuous improvement.
  • Maintain a risk register and track mitigation process.
  • Propose, implement, and validate security risk mitigation activities for all non-production and production environments with documented evidence of effectiveness.
  • Validate successful implementation of risk mitigation activities for all non-production and production environments.
  • Develop and maintain all Cloud Security Documentation: System Security Plan, Business Continuity Analysis, Disaster Recovery Plan, other documents required for Authority to Operate (ATO).
  • Create and maintain a Cloud Security Roadmap, provide updates quarterly and obtain organizational approval for all security architecture and design artifacts.
  • Implement and document technical and administrative controls to protect sensitive data from unauthorized internal access, including logging, monitoring, and access reviews.
  • Provide operational support for identity and access management (IAM) with granular role-based access controls, integration with on-premises identity management solutions in accordance with Judiciary enterprise security standards and cloud identity solutions and enable product teams to maintain a private image catalog for team specific isolation.
  • Support secure design and operation of multi-segment networks, multiple subnets, and virtual network routing, with regular security assessments and documentation.
  • Provide product teams with and enforce approved standards for logging and data retention, ensuring logs are protected, searchable, and compliant with regulatory requirements.
  • Document and maintain Standard Operating Procedures (SOPs) for cyber security.
  • Automate repetitive security tasks (e.g., patching, compliance checks, incident response) to improve efficiency and reduce human error.
  • Implement regular reviews and updates of security controls, policies, and procedures to address emerging threats and technological changes.
  • Implement regular reporting on security KPIs (e.g., mean time to detect/respond, vulnerability remediation time, compliance status) to demonstrate effectiveness and inform decision-making.
  • Establish a process for ongoing assessment and improvement of governance controls.
  • Provide guidance and recommendations to stakeholders for containment, validation, and eradication, and support remediation and recovery of incidents (including coordination, documentation, timeline tracking, and resource identification/utilization).
     

REQUIRED EXPERIENCE & QUALIFICATIONS:

  • 12+ years of experience project leadership in monitoring computer networks and security issues, investigating and resolving security and cybersecurity incidents.

  • Bachelor’s degree with 12+ years of general experience in information systems (10+ years of experience with MA/MS degree) and 8+ years of specialized experience.

  • Preferred:  Certified Information Systems Security Professional (CISSP).

  • Preferred: Architect certification from at least one of the cloud service providers (CSPs).

  • Experience in documenting security incidents and performing security vulnerability assessments.

  • Experience working with Agile teams and SAFe to perform testing and uncovering system and network vulnerabilities.

  • Strong working experience in AWS Cloud Security (Certification is preferred) (3+ years’ experience).

  • Required past ATO experience in AWS environment for large agency. (4+ years’ experience).

  • Required solid understanding of NIST Standards.

  • Experience with the ATO process, FedRAMP, CIS, ISO 27001. (4+ years).

  • Solid understanding on ICAM, SIEM, Vulnerability management tools.

  •  Experience with CSAM or similar tools.

Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...