Information Security Manager

Bidscale · Remote

Company

Bidscale

Location

Remote

Type

Full Time

Job Description

Bidscale is accelerating government innovation.
Bidscale is betting on a future fueled by government innovation. Internet, space travel, and GPS - many of the most important technological innovations arose out of the public sector. We believe that Federal agencies will again foster the next wave of innovations by harnessing the scale, reach, and purchasing power of the government.
In the current environment, this ambition is an uphill battle. Existing procurement processes are not responsive to need; agencies face numerous policy bottlenecks that stall innovation. Acquisitions are often driven more by compliance than by strategy. Something needs to change. Bidscale is committed to driving digital transformation to support our country's Contracting Officers and specialists.
This mission has far-reaching consequences. From combat helicopters to scientific research to clerical services, contracts underpin the operational effectiveness of the country. An America able to buy quicker and smarter is a stronger, more prosperous America.
We at Bidscale are driven by the importance of our mission. Our impact may seem narrow at face value, but we believe that our work acts as a major force multiplier for the efficacy and efficiency of the Federal government. We are Americans supporting the development of a more innovative America. Bidscale is accelerating government innovation. If this type of work interests you, we'd love for you to join us!
The Information Security Manager works as a leader within our engineering department to build a robust cybersecurity and compliance posture across our product portfolio. This team member will help architect sound security principles, position the enterprise to adhere to multiple high-priority compliance frameworks (including FedRAMP, SOC2, and ISO27001), serve as the primary incident response leader, and act as a trusted advisor to senior company leadership for all risk matters. Cybersecurity is one of Bidscale's highest priorities, and the ISM will be one of the key hires in building out a full-fledged security team.
Position details & benefits:
  • Total compensation up to $175,000 commensurate with qualifications
  • US citizenship required; full-time, salaried, exempt only
  • 90-100% remote
  • Unlimited PTO
  • 90% - 100% company coverage for leading options on Health, Dental, Vision, Life, Short-Term Disability
  • 100% match up to 6% of 401k contribution, vested immediately

Qualifications:
  • Bachelor's degree in computer science or other related field
  • 6+ years of experience operating cybersecurity programs for Federal information systems and/or Software-as-a-Service products
  • Experience spearheading compliance initiatives to navigate commercial products to successful accreditation under SOC-2, ISO 27001, FedRAMP, and agency guidelines
  • Experience applying expertise to support security assurance activities for AWS-hosted systems, Software-as-a-Service paradigms, and products targeting FedRAMP designation
  • Experience advising on the development of system architectures to meet security best practices and enhance our products' risk postures
  • Experience developing System Security Plans (SSPs), supporting security artifacts and evidence, risk reports, and continuous monitoring processes to maintain compliance accreditations
  • Experience proactively collaborating with technical and business stakeholders to execute compliance requirements in accordance with security best practices
  • Experience persisting through both internal and external blockers in order to ensure successful achievement of strategic security initiatives
  • Experience developing a world-class cybersecurity and risk management program for a nascent enterprise engineering department
  • Experience managing security personnel and team members including engineers, architects, developers, testers, ISSOs, and TPMs to execute key security initiatives
  • Experience working within the Risk Management Framework (RMF), NIST SP 800-53, Security Technical Implementation Guides (STIGs), and other relevant Federal/Defense frameworks
  • Experience working with stakeholders to resolve computer security incidents and vulnerability compliance
  • Experience performing security reviews, identifying gaps in security architecture, and issuing guidance on risk management strategy
  • Experience successfully implementing the functionality of security requirements and appropriate IT policies and procedures to be consistent with enterprise objectives
  • Experience conducting vulnerability scans (e.g., Qualys, Nessus) and managing responses to system vulnerabilities
  • Experience operating within AWS/Azure services, enterprise networking paradigms, and modern identity management frameworks (Okta, MFA, SSO, etc.)
  • Experience mitigating system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting)
  • Experience managing incident response, business continuity, disaster recovery, and root cause analysis initiatives
  • Experience implementing cyber defense and information security policies, procedures, and regulations
  • Experience architecting Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
  • Experience configuring network protocols including TLS, TCP/IP, DHCP, DNS, and directory services
  • Experience with cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity
  • Experience operating security monitoring and SIEM tools (e.g., Splunk, GuardDuty, CloudTrail)
  • CISSP and/or SSCP certification preferred

Bidscale team members operate with the following values:
  • #MissionFocus: We operate knowing that our work is critically important.
  • #MasterCraft: We work together to become masters of our respective crafts.
  • #WorkBackwards: We see the future, strategically envision our end state, and work backwards with intent.
  • #DoBeautiful: We believe that if it's worth doing, it's worth doing beautifully and elegantly.
  • #Perseverance: We overcome the impossible through brilliance, grit, and class.
  • #CelebrateUs: We celebrate triumphs, differences, and balance.
  • #OneTeam: We are one team and we play to win big.

Date Posted

08/12/2022
