Cloud Security Control Assessor

Requires US Citizenship

Employment Term and Type: Regular, Full Time

Required Security Clearance: DoD TS SCI clearance w/poly or the ability to obtain poly and MEAD clearance. DoD TS SCI w/poly preferred

Required Education: Minimum 12 years' experience with BS/BA; 10 years with MS/MA; 7 years with Ph.D



Athena Technology Group, Inc. is a Service-Disabled Veteran Owned /Small Business (SDVOSB) focused on Information Technology and Communications consulting, system engineering, integration, deployment and operations of stat of the art command and control and information systems that deliver critical network centric solutions to the warfighter. With a proven track record of technical support to our customers, we are looking for innovative industry professionals to join our team.



JOB DESCRIPTION:

• Conduct Cloud assessments and facilitate risk mitigation planning


• Provide Assessment and Authorization (A&A) for the ARCYBER cloud infrastructure


• Execute a security control assessment plan and update the System Security Plan


• Review vulnerability scans and remediation


• Implement risk management programs by utilizing NIST, FISMA, HIPAA, and PII -- and document solutions


• Monitor the privacy landscape regarding all data (privacy, protection, classification, and residency)


• Assist clients with identifying gaps within existing privacy programs and designing solutions to help address those challenges


• Scan, test, and validate systems/networks/applications to obtain/maintain an ATO under NIST/FISMA guidelines

REQUIRED EXPERIENCE:

• Minimum of 12 years' experience with BS/BA; Minimum of 10 years with MS/MA; Minimum of 7 years with Ph.D.


• Must have knowledge of enterprise solutions across multiple cloud operating environments (JWICS, SIPRNET, NIPRNET, and commercial Internet)


• Must have eMASS, ACAS, and ISC2 Certified Cloud Computing Professional (CCSP) or CompTIA Cloud+ experience


• Must have knowledge in the following areas (via skills assessment):
  
  
  
  • Knowledge of computer networking and/or cloud computing concepts and protocols, and network security methodologies
  
  
  • Knowledge of cyber threats and vulnerabilities in a virtualized environment
  
  
  • Knowledge of cybersecurity principles
  
  
  • Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity
  
  
  • Knowledge of risk management framework processes (e.g., methods for assessing and mitigating risk)
  
  
  • Knowledge of specific operational impacts of cybersecurity lapses
  
  
  • Knowledge of industry methods for evaluating, implementing, and disseminating Information Technology (IT) security assessment, monitoring, detection, and remediation tools and procedures using standards-based concepts and capabilities
  
  
  • Knowledge of cyber defense and vulnerability assessment tools, including opensource tools, and their capabilities
  
  
  • Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
  
  
  • Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data in a cloud environment
  
  
  • Knowledge of IT and cloud computing security principles and methods (e.g., firewalls, demilitarized zones, encryption)
  
  
  • Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins
  
  
  • Knowledge of network and/or cloud computing environment security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
  
  
  • Knowledge of organization's evaluation and validation requirements
  
  
  • Knowledge of penetration testing principles, tools, and techniques
  
  
  • Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.
  
  
  • Knowledge of Risk Management Framework (RMF) requirements
  
  
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return oriented attacks, malicious code)
  
  
  • Knowledge of the Security Assessment and Authorization process
  
  
  • Skill in determining how a security and/or cloud computing security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
  
  
  • Skill in discerning the protection needs (i.e., security controls) of information systems and networks and those relating to cloud computing
  
  
  • Knowledge of IT supply chain security and risk management policies, requirements, and procedures
  
  
  • Knowledge of local specialized system requirements (e.g., critical infrastructure systems that may not use standard IT) for safety, performance, and reliability
  
  
  • Knowledge of new and emerging IT and cybersecurity technologies and/or those technologies specific to cloud computing
  
  
  • Knowledge of organization's enterprise and/or cloud computing information security architecture system
  
  
  • Knowledge of Personal Identifiable Information (PII) data security standards
  
  
  • Knowledge of Personal Health Information (PHI) data security standards
  
  
  
  

• Minimum of BS/BA. See above for minimum required experience based on degree type

• Must have current IAM level III certification (such as CISM)

US Citizenship and DoD TS SCI clearance w/poly or the ability to obtain poly and MEAD clearance are required for this position. Active DoD TS SCI w/poly is preferred. Salary will be commensurate with experience.



Company Overview: Athena Technology Group, Inc. (ATG) is a Service-Disabled Veteran Owned Small Business (SDVOSB) focused on Information Technology and Communications consulting, system engineering, integration, deployment and operation of state-of-the-art command and control and information systems that deliver critical network centric solutions to the warfighter. With a proven track record of technical support to our customers, we are looking for innovative industry professionals to join our team.



ATG offers a generous compensation package including health, dental, vision, 401(k), group life insurance, educational reimbursement, among other benefits.



We value our employees and strive to offer many opportunities for professional growth.



ATG is an Equal Opportunity/Affirmative Action Employer Minorities/Females/Vets/Disability

(*)