Job Description
Responsibilities:
- Design, develop, and implement secure and compliant cloud architectures on AWS, GCP, and Azure adhering to FISMA and FedRAMP security controls
- Conduct threat modeling and security assessments of cloud deployments to identify and mitigate vulnerabilities
- Select and configure appropriate AWS security services like IAM, KMS, Security Groups, WAF, and CloudTrail to meet compliance requirements
- Implement data encryption strategies at rest and in transit, ensuring data protection aligns with FISMA and FedRAMP guidelines
- Integrate enterprise security solutions (e.g., Splunk, Tenable) for cloud security monitoring and incident response
- Automate security configurations and enforce security best practices through infrastructure as code (IaC) tools, ensuring compliance automation
- Develop and implement incident response plans for cloud security threats, aligned with FISMA and FedRAMP incident reporting procedures
- Stay up to date on the latest AWS security features, vulnerabilities, and compliance updates for FISMA and FedRAMP
- Provide security guidance and expertise to developers, operations teams, and other stakeholders, fostering a culture of security awareness
- Develop security requirements for applications migrating from on-prem implementations to the cloud
Qualifications
- 5+ years of experience in information security, with a minimum of 3 years focused on cloud security
- Proven experience designing and implementing secure cloud architectures on AWS, with a strong understanding of FISMA and FedRAMP compliance frameworks
- In-depth knowledge of AWS security best practices, compliance frameworks (e.g., PCI-DSS, HIPAA), and the ability to map them to FISMA and FedRAMP controls
- Experience with cloud security tools like IAM roles, KMS encryption, Security Groups, WAF, CloudTrail, and Config
- Experience with security automation tools, infrastructure as code (IaC) methodologies, and compliance automation
- Excellent communication, collaboration, and problem-solving skills
Desired Requirements
- AWS Certified Security - Specialty certification
- Experience with cloud security posture management (CSPM) tools
- Experience with security incident and event management (SIEM) solutions
- Experience with cloud workload protection platforms (CWPP)
- Experience with container security (Docker & Kubernetes)
NetVision Resources, Inc. (NVR) is a fast-growing, IS9001, IS20000, CMMI DEV/2, MBE certified technology consulting and software development firm based in the DC Metro area. To learn more, please visit: www.netvisionresources.com