- The candidate shall ensure the Grants.gov system adheres to all applicable federal and agency regulations, policies, standards and requirements with regard to IT system security, privacy, and compliance.
- The candidate shall manage the security-related processes required for obtaining an ATO for the Grants.gov system.
- The candidate shall support and facilitate the security control assessment activities including participating in interviews, providing evidence of implementation of controls, and providing support for systems and platforms verification scans.
- The candidate shall analyze and remediate any security findings (POA&Ms) in order to obtain the ATO.
- The candidate shall ensure the confidentiality, reliability, integrity, availability, and performance of the Grants.gov system.
- The candidate shall perform information security risk management, vulnerability management, incident response, disaster recovery and data backup planning and operations.
- The candidate shall deliver Security Documentation as required by federal standards and directed by the client, including any documentation required for ATO or ongoing authorization, such as the System Security Plan, Incident Response Plan, Configuration Management Plan, Contingency Plan, HW/SW list, and Contingency Plan Test Results.
- Help product engineering teams adopt and integrate security capabilities into their product and software development lifecycles.
- Provide subject matter expertise on secure architecture, design and coding practices based on current knowledge of security threats and vulnerabilities that could impact the technology stack.
- Support definition of a Secure SDLC standard that includes security architecture, design and coding requirements for infrastructure, application and data, aligns with the application security maturity model, and adopts a shift-left approach to security.
- Evaluate various application security tools including SAST, DAST, SCA, IAST and Pen Testing and operationalize security tools for integration with CI/CD.
- Develop security controls and processes for products and services developed and deployed for both on-prem and cloud environments.
- Perform threat modeling, conduct security architecture reviews and provide training to architects and developers to enhance adoption of secure coding practices within the product development lifecycle.
- College Degree or equivalent hands-on experience
- 3 to 5 years as a Security Engineer supporting a large application with a DR site
- Experience working in a government environment
- Excellent communication skills
- Experience working through the process of obtaining and maintaining an ATO
- Security-related training and certifications
- Experience using security tools such as Fortify, WebInspect, FindSecureBugs, CheckStyle, PMD, Wireshark, Nmap, ThreadFix, SD Elements
- Experience with DevSecOps