Randstad Technologies is seeking a Security Operations Lead in Atlanta, GA
The Security Operations Lead is responsible for leading program and project initiatives with internal stakeholders and product engineering teams and security analysts as they document implementation of control requirements and supporting the cloud security standards including technical and operational controls for SaaS environments.
- Work with internal stakeholder engineering teams to document the implementation of security compliance control implementations for technical, management, and operational requirements
- Manage and define priorities of work for the team(s) performing security control implementation, penetration testing, and vulnerability scanning for compliance with federal authorization compliance requirements
- Collect and document technical architecture, operational processes and security policies from multiple internal engineering teams
- Reviewing, documenting, analyzing and evaluating business system and user needs in areas of Authorization and Accreditation (A&A) and Plans of Action and Milestones (POA&Ms)
- Work alongside the director and managers to drive projects and serve as the subject matter expertise in customer and internal coordination meetings for federal programs and service offerings
Skills and competencies
- Experienced in writing Technical documentation and knowledge of Cloud and Security concepts
- Experience in leading teams and managing projects/programs
- Experience on NIST SP 800 Series, FedRAMP and FISMA documents
- Experience with writing, editing, and/or managing a wide variety of IT security documentation and familiarity with federal IT standards such as Federal Information Security Management Act (FISMA)
- Experience developing, editing, and revising documentation technical documentation, including as-built documents, system security plans, system architectures, and policies and procedures.
- Experience with the production and/or editing of technical drawings using MS Visio or similar design tools.
- Experience with technical documentation related to FIPS 199, NIST SP 800-37, NIST SP 800-53 REV 4, continuous monitoring, and POA&M management.
- Understanding of Third-party Assessment Organizations (3PAO)
- National Institute of Standards and Technology (NIST) standards
- DISA Cloud Computing Security Requirements Guide (SRG)
- Experience and familiarity with cloud data security (FISMA/FedRAMP compliance) and working with public cloud solutions (AWS and Azure)
- Deep experience NIST SP 800 Series, FedRAMP and FISMA
General Skills Include
- Demonstrate strong verbal and written communication skills as well as strong analytical and problem solving abilities
- Operational and deployment experience with various security tool platforms and systems
- Ability to work independently or as a member of a team on various tasks.
- Skilled at organizing and translating information into clear written documentation; articulating complex concepts and processes in writing
- Proven ability to effectively research subject matter
- Experience working in a collaborative environment; ability to work well under tight deadlines and effectively interact with a wide range of personnel
- Strong experience with Microsoft product suite, particularly Microsoft Word, PowerPoint and SharePoint
Knowledge, experience and subject matter expertise in the following:
- FedRAMP (Federal Risk Authorization Management Program)
- NIST SP 800-53 Rev 4
- NIST SP 800-37
- FISMA (Federal Information Systems Management Act)
- NIST RMF (Risk Management Framework)
- Supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies
- NIST FIPS 199, Data Classification
- Privacy Impact Assessment (PIA)
- Bachelor's degree in a relevant field and 8-10+ years' experience (e.g., Computer Science, Information Security, etc.)
- CISSP, CCSP, or equivalent
- Strong understanding of Cloud Security concepts
1) What hours/days will this person be working? 8-5
2) What are the top 3 skills/requirements this person should have? Engineering and analyst background leading multiple technical teams FedRAMP Security tool deployment configuration, AWS cloud deployment knowledge
3) What are the top 3 soft skills this person should have? Communication (written/verbal), leadership, and prioritization
4) What are other requirements?
a) Education level - Bachelor's degree in a relevant field and 8-10+ years' experience (e.g., Computer Science, Information Security, etc.)
b) Previous experience (industry) - high tech, software, cloud computing on enterprise level, regulated environment
5) What is the environment this person will be working in? Team is 6-7 in Atlanta
6) Does this position offer the ability to work remotely on a regular basis or is it an on-site role? Onsite role, remote occasionally