Cloud Security Engineer

Job Description:

LS Technologies is currently seeking a Cloud Security Engineer to support the Federal Aviation Administration (FAA) National Cloud Integration Services (NCIS). The Cloud Security Engineer must have cloud engineering experience and should have knowledge working with National Institute of Standards and Technology (NIST), Federal Information Processing Standard (FIPS), and Risk Management Framework (RMF) authorization process.

Responsibilities:

• Builds, maintains, upgrades and continuously improves cloud networks and cloud-based systems
• Responsible for the operations of secure cloud infrastructure, platforms, and software
• Install, maintain, and upgrade the cloud computing environments and core infrastructure
• Responsible for input and feedback on security architectures
• Responsible for the thorough documentations of implementations, via technical documentation and run-books
• Apply adept understanding and experience with systems automation platforms and technologies
• Shape the organization's security policies and standards for use in cloud Responsible for automating security controls, data and processes to provide improved metrics and operational support
• Employ cloud-based APIs when suitable to write network/system level tools for safeguarding cloud environments
• Stay abreast of emerging security threats, vulnerabilities and controls
• Responsible for developing the security risk posture of Federal Aviation Administration (FAA) Air Traffic Organization (ATO) and enterprise assets by analyzing security/vulnerability assessment reports based on system-specific and common security controls.
• Review security documentation to include Security Characterization Documents (SCD), System Security Plans (SSP), and System Contingency Plans (SCP)
• Provide support for incident response and operational assessments based on Common Vulnerability and Exposure (CVE) records.

• Design, plan and implement client-specific cloud solutions and interpret security and technical requirements into business requirements and communicate security risks to relevant stakeholders ranging from business leaders to engineers
• Ensure the cloud network is responsive to user demands
• Scaling cloud services to growing businesses and execute security architectures for cloud cloud/hybrid systems
• Liaising with team member and system owners to determine growth plans and use of Cloud
• Implement effective security strategies on networks
• Ensure compliance with relevant legislation and guidelines

Requirements:

• Comprehensive understanding of and experience with various Cloud technologies (e.g., AWS, Azure) including Cloud compliance with the NIST RMF.
• Must possess a solid foundation in working with system and software architectures for complex aerospace systems.
• Ability to apply system security engineering techniques to assess, solve, and mitigate cyber vulnerabilities.
• Experience in design, maintenance, and operation of large enterprise sized networks
• Work cooperatively with team members and perform specialized tasks and projects with a high degree of independence.
• Strong written and verbal communication skills, including presentations skills.
• Ability to document and/or present ideas and findings to facilitate management decisions.
• Ability to develop new ideas and techniques that advance the state of the practice for cybersecurity.

• Experience with engineering and operating a hybrid cloud delivery model with focus on data coherency between on-prem and off-prem component
• Strong analytical, problem solving, and trouble shooting skills
• Desire to learn new technologies, processes, and procedures
• Familiar with DevOps tools and version control systems (SVN, Git)
• Preferred: Bachelor's Degree in Computer Science, Computer Engineering, Information, or Cyber security/Information Assurance

Preferred Experience

• Experience with FAA National Airspace System (NAS) requirements and systems engineering

• Certified Information Systems Security Professional (CISSP); Or combination of Security+ CE; Certified Cloud Security Practitioner (CCSP); SANS GIAC Security Essentials (GSEC); Systems Security Certified Practitioner (SSCP)

• Comprehensive understanding of cybersecurity frameworks such as NIST Cybersecurity Framework (CSF), NIST RMF, and International Organization Standardization/International Electrotechnical Commission (ISO/IEC) 27018

• Enterprise Security, Information Assurance, Cybersecurity and cryptography encryption concepts, Web security, Cyber Risk Analysis, Risk management, Reducing Cyber Risk, Vulnerability management/remediation
• Security Information and Event Management (SIEM): Splunk, ArcSight, Syslog/Rsyslog.
• Experience with tools such as DataDog and/or Splunk is a plus
• Experience and knowledge of securing container platforms such Kubernetes and RedHat Openshift a plus.
• Experience and knowledge of securing CI/CD DevOps pipelines
• Demonstrated ability to configure, maintain, and audit Network Access Control Lists, firewall rulesets, and VPN configurations
• 3+ years of AWS experience is required
• Experience and knowledge of endpoint protection for cloud-based resources

Clearance Level Required

Public Trust

Travel

• 0-20%

LS Technologies, LLC provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.