Amazon Web Services (AWS) is looking for a security assurance specialist focusing on Continuous Monitoring reporting to join our Public Sector Security and Assurance team. As a member of the AWS Public Sector Security and Assurance team, you will join industry-leading security professionals and program managers in raising the bar in our Continuous Monitoring Program. This candidate will interface with US Public Sector Customers and AWS stakeholders to translate and provide exceptional data on how well AWS is securely designed, operated, maintained and protected in accordance with industry security standards. The position requires working with AWS service teams to lead them through security assessments, performing technology reviews with external auditors and developing new solutions that transform continuous monitoring. You will work with AWS service teams located in both Herndon, VA and Seattle, WA to assist them in understanding Federal security requirements, document security control implementations, and coordinate technical exchanges with independent assessment teams.
Manage complex cross-team security assurance and compliance initiatives within internal and external teams. Interface with key stakeholders to estimate work efforts, define milestones and manage resources. Track progress, understand dependencies, evaluate risks and communicate status to upper management and project stakeholders.
Provide consultative support to internal teams and business partners to identify opportunities for control improvements with the objective of mitigating, improving operational performance.
Understand and evaluate security and compliance implementations and propose technical alternatives that address applicable public sector compliance programs (FISMA, FedRAMP).
Develop broad domain and technical knowledge in AWS security solutions.
Facilitate knowledge management, use key metrics and effective communication to improve project delivery.
Monitor, evaluate, and continuously improve the organization by being a trusted advisor, facilitator and creative problem solver. Implement continuous improvements to the security organization and the program management process. Share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
· Bachelor’s Degree in Information Systems Management, IT Security, Business Management, or other related fields.
· Experience in preparing, reviewing and managing continuous monitoring reports.
· Experience with Nessus, Tenable, Qualys, Nexpose, Burp Suite, etc.; NIST CVSS, CIS, CVE
· Experience applying and incorporating new and emerging cybersecurity technologies and trends into proposed solutions
· Understanding of network security, security lifecycle management
· Experience in supporting technical assessments and audits of network, operating systems, and/or application security; experience in working directly with government officials and/or auditors. Experience with cloud computing services/deployment architecture
· Experience in pen-testing, security testing and evaluation, security control assessment, independent verification and validation, POAM management and execution
· Experience with Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), Risk Management Framework (RMF), Department of Defense Security Requirements Guide (SRG), Continuous Monitoring Reporting
· Experience with security IT audits, the development and management of Plans of Action and Milestones (POAMs)
· Experience in reviewing federal and DOD security packages.
· Attention to detail, strong verbal and communication skills