SAIC is seeking a Cloud Cyber Security Engineer to join our Cyber Practice. Are you a cloud practitioner seeking to improve your cyber skills, knowledge and understanding? Perhaps a software developer or programmer looking to branch out into cyber and or cloud? Or maybe you're a cyber-professional that has some cloud experience and are looking to leverage your understanding of cybersecurity principles and best practices and apply them in the cloud context. If any of these describes you, we want to hear from you! This position will contribute in one or more of the following areas of IT Security:
Governance, Risk Management and Compliance: Support the use of NIST 800-37 Risk Management Framework (RMF) and its use to support the assessment and authorization of NIST and RMF-based system security plans and documents for multiple organizations within the Federal Civilian and DoD market space.
Security Operations: Support basic network and cloud security best practices; network segmentation, Zero Trust Architecture, firewall, next generation firewall, SIEM, log collection and correlation, incident management, and vulnerability management. And support cloud native tools designed to provide these services
Application Security: Support application security tools and concepts as part of the continuous integration/continuous delivery (CI/CD) pipeline, including; threat modeling, static analysis security testing (SAST), dynamic analysis security testing (DAST)
- Understanding and operation of cloud native security tools within the operate various AWS cloud resources
- Deploy, and operate cloud-native web applications and SaaS cybersecurity solutions.
- Design connectivity solutions between cloud services provider and on-premise networks
- Align compliance activities to all phases of the Software Development Life Cycle (SDLC) to facilitate authority to operate (ATO)
- Support the development team in the use & debugging of CI/CD pipelines
- Prepare design documentation, e.g. diagrams and specifications
- Bachelors degree in cyber security, computer science, or related field and at least 9 years of experience performing a variety of tasks within the are of information system and information technology.
- A clearance is not currently required for this position. However, there may be either the need or opportunity for the successful candidate to obtain and maintain a Top-Secret security clearance.
- Basic understanding and familiarity with NIST Special Publications relating to ongoing authorizations (800-37, 800-39, 800-53 / 53A, 800-137, 800-171)
- General working knowledge of NIST 800-53 controls and the RMF process
- Understanding of and experience working with the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) and Consensus Assessments Initiative Questionnaire (CAIQ).
- Familiarity with the FedRAMP standard and its processes and procedures
- A basic understanding of the risk management process
- Governance, Risk, and Compliance (GRC) Tools (e.g. eMASS, CSAM, MCCAST, RSA Archer, Xacta)
- Experience with vulnerability scanning, digital forensics and intrusion detection tools
- Four (4) or more years of experience in AWS or other cloud service provider (Azure, GCP, Oracle)
- In-depth knowledge of Windows and Linux operating systems
- Experience with various endpoint security, vulnerability, and enumeration tools (e.g., Tenable Nessus, ACAS, Splunk)
- Experience with Infrastructure as Code tooling such as Terraform, Helm, Ansible, or similar
- Demonstrated proficiency coding in a scripting language; Shell, Powershell, Python, PHP or similar
- Experience working in cross-functional teams utilizing the Agile methodology (sprints, scrum, kanban) * Excellent critical thinking and analysis skills
- Strong written and oral communication skills
Training and Certifications - Two (2) or more of the following:
- ISC2 Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP)
- Cloud Security Alliance, Certificate of Cloud Security Knowledge (CCSK)
- AWS and/or Azure Associate Level Certification or higher
- DevOps Institute Certifications, DevOps Foundation, DevSecOps Foundation
- DoD 8570 IAM Level I or higher baseline certification (e.g., Security+ CE), additional training and/or certifications may be required within 6 months of hire; acceptable baseline certifications can be found at https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/
COVID Policy: Prospective and/or new employees are required to adhere with SAIC's vaccination policy. All SAIC employees must be fully vaccinated and they must submit proof of vaccination on their first day of employment. Prospective or new employees may seek an exemption to the vaccination requirement at Contact Us
and must have an approved exemption prior to the start of their employment. Where work is performed strictly at a customer site, customer site vaccination requirements preempt SAIC's vaccination policy.
Target salary range: $125,001 - $135,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions.
We are more than 26,500 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a respectful work culture based on diversity, equity, and inclusion that values all contributors. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.1 billion. For more information, visit saic.com.