Cloud Security Subject Matter Expert

Remote: Full Remote

Offer summary

Qualifications:

  • 10+ years of experience in information systems, with 8+ years of specialized experience in cloud security.
  • Master's degree or equivalent experience; alternative qualifications based on years of experience may be considered.
  • Preferred certifications include Microsoft Azure Security Engineer, Google Cloud Security Engineer, AWS Certified Security, and Oracle Cloud Infrastructure Security Expert.
  • Strong knowledge of cloud applications, infrastructure, security standards, and information technology security.

Key responsibilities:

  • Design and implement secure cloud architectures and perform risk assessments using enterprise tools.
  • Provide technical advisory services for secure design and deployment of cloud-based systems, ensuring compliance with cybersecurity standards.
  • Conduct threat and vulnerability assessments, monitor risks, and create essential security documentation such as System Security Plans and Disaster Recovery Plans.
  • Collaborate with IT Security Office and CISA to validate system security and propose risk mitigation activities.

General Dynamics Information Technology XLarge https://www.gdit.com
10001 Employees

Job description

Type of Requisition:

Regular

Clearance Level Must Currently Possess:

None

Clearance Level Must Be Able to Obtain:

None

Public Trust/Other Required:

None

Job Family:

Solutions Architect

Job Qualifications:

Skills:

Cloud Applications, Cloud Infrastructure, Cloud Security, Information Technology Security, Security Standards

Certifications:

None

Experience:

10+ years of related experience

US Citizenship Required:

No

Job Description:

The CMM Cloud Security SME will work as part of an agile development team to build and support the modernization of enterprise-class software applications.

The successful candidate shall be capable of providing technical cloud security subject matter expertise to meet current and future security design and architecture requirements for IaaS, PaaS, and SaaS implementations. The candidate shall have experience with designing and implementing security measures to protect data as it moves from on-premises data center servers to cloud storage systems. The candidate shall have experience with network security and security compliance.

This role provides expert advisory services to ensure secure design and deployment of cloud-based systems, incorporating secure-by-design principles such as access control, encryption, and identity management. The SME conducts thorough threat and vulnerability assessments, monitors risks, and ensures compliance with federal cybersecurity standards and Judiciary frameworks.

Key responsibilities include designing secure cloud architectures, performing risk assessments using enterprise tools, and coordinating with ITSO and CISA to validate system security through independent evaluations. The SME creates essential security documentation, including System Security Plans, Business Continuity Analyses, and Disaster Recovery Plans, and delivers a quarterly Cloud Security Roadmap. Operational support covers cloud firewalls, ACLs, SSL, API endpoints, authentication procedures, private image management, and secure network segmentation.

In addition, the Cloud SME will execute the following responsibilities:

  • Provide technical advisory services to securely design, implement, maintain, or modify various national applications and infrastructure environments.
  • Provide subject matter expertise for implementing secure-by-design concepts into product development by the product teams. This includes:
      • Security design principles: Designing cloud infrastructure with security in mind, such as through network segmentation, access control, and encryption.
      • Identity, Credential, and Access Management (ICAM): Controlling and managing user access to cloud resources.
      • Data protection: Protecting sensitive data through encryption, data masking, and access control.
      • Threat and vulnerability management: Identifying and mitigating potential security threats and vulnerabilities through regular vulnerability scans and security assessments.
      • Compliance and governance: Ensuring compliance with relevant regulations and standards.
  • Identify potential vulnerabilities and threats to existing and proposed technologies to improve overall security posture through continuous monitoring and monthly reports.
  • Perform risk assessments using AO enterprise tools and standard methods to periodically re-evaluate the system’s sensitivity, risks, and mitigation strategies and assess the impact of new requirements for CMSO national applications.
  • Coordinate with the IT Security Office (ITSO) and Cybersecurity and Infrastructure Security Agency (CISA) to ensure that independent risk assessments of system security features are performed regularly and maintain documentation of the results.
  • Propose risk mitigation activities for non-production and production environments.
  • Validate successful implementation of risk mitigation activities for non-production and production environments.
  • Provide in-depth domain expertise and promote AO and industry cyber-security best practices to support development teams and collaborate with technical infrastructure staff to ensure the project environments meet AO infrastructure and Software Development Life Cycle (SDLC) requirements.
  • Design system security architectures to include the software, hardware, and communications to support the requirements and provide for present and future cross-functional needs and interfaces.
  • Support the development of cross-functional or large-scale automated information systems to include cross-organizational architectures and enterprise tools.
  • Evaluate system alternatives and assess risks and costs for cyber security technologies.
  • Monitor and investigate potential security incidents using enterprise cyber security tools and dashboards.
  • Provide, maintain, and update Cybersecurity Incident Response Plan (“CIRP”).
  • Develop and provide the Runbook.
  • Maintain and update the Runbook as required due to changes, including use case development and integration of new log sources and devices.
  • Support implementation of CIRP in accordance with the Runbook.
  • Report incident monitoring monthly and draft incident reports within 72 hours of an incident during investigations.
  • Support the security automation activities for legacy systems to improve continuous monitoring and maintain a robust security posture.
  • Create Cloud Security Documents: System Security Plan, Business Continuity Analysis, Disaster Recovery Plan, other documents required for Authority to Operate (ATO).
  • Create a Cloud Security Roadmap and provide updates quarterly.
  • Provide support to implement the Judiciary Information Security Framework controls. Document all the Cyber Security Control Artifacts as implemented.
  • Provide support to develop the design and architecture of the security environment for the cloud environment.
  • Provide support for activities to gain organizational approval for the design and architecture of security requirements for the cloud environment.
  • Adhere to product teams' information security policies and procedures for data sanitization and disposal.
  • Provide operational support for network and web application firewalls and Access Control Lists (ACLs), Secure Socket Layer (SSL) and Application Programming Interface (API) endpoints.
  • Document the measures it takes to protect product team's data from its employees and personnel.
  • Provide operational support for identity and authentication procedures such as local identity management and granular role-based authentication, along with integration of on-premises Active Directory (AD) for cloud service account management.
  • Provide operational support to enable product teams to maintain a private image catalog of instances that are not accessible to other cloud product teams.
  • Provide support for multi-segment networks and multiple subnets per virtual network, along with virtual network routing.
  • Provide product teams with an approved data retention standard for logging.
  • Document Standard Operating Procedures.
  • Experience with performing security risk and capability benefit analysis to establish security baseline for an API management of cloud applications.
  • Experience with developing cloud security policies and establishing cloud security strategies.

QUALIFICATIONS

  • 10+ years of general experience in information systems
  • 8+ years of specialized experience
  • Minimum Education: MA/MS
  • Experience may be considered in lieu of degree as follows: HS (16+ years), AA/AS (14+ years), BA/BS (12+ years), Doctorate Degree/Ph.D. (9+ years)
  • Preferred certifications for one or more of the following cloud platforms: Microsoft Azure Security Engineer, Google Cloud Security Engineer, Amazon Web Services (AWS) Certified Security, and Oracle Cloud Infrastructure Security Expert.

The likely salary range for this position is $166,816 - $218,500. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:

40

Travel Required:

None

Telecommuting Options:

Remote

Work Location:

Any Location / Remote

Total Rewards at GDIT:

Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. GDIT typically provides new employees with 15 days of paid leave per calendar year to be used for vacations, personal business, and illness and an additional 10 paid holidays per year. Paid leave and paid holidays are prorated based on the employee’s date of hire. The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.

Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc.

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

Required profile

Spoken language(s):
English

Other Skills

  • Teamwork
  • Communication
  • Problem Solving
