Cybersecurity Professional

Location: Norfolk, VA

Our client delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing Results that Matter. Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission.

The Joint, Office of the Secretary of Defense, Interagency Division (JOID) provides expert support services to a range of customers spanning across the Department of Defense, Federal, Civilian, and International markets. JOID provides a diverse portfolio of analytical and programmatic capabilities to help our customers make informed decisions on their most challenging issues.

NATO HQ SACT's Innovation Lab (iHub), built on the concept of Open Innovation, is providing to its operational customers a catalogue of innovative products and services. The iHub products, also known as Minimum Viable Products (MVPs), are developed following best industry, Agile DevSecOps methods with strong focus on rapid, iterative delivery that meets customers’ requirements.

Our client has an immediate need for a Medior Security Professional to support HQ SACT's Innovation Hub onsite in Norfolk, VA.

Responsibilities:

The onsite Medior Security Professional will assess and enhance security for the Innovation Hub Laboratory Capability through implementing security-first policies in the Innovation Hub. The successful candidate will collaborate with relevant (NATO) organizations to achieve ACT cloud-based information system (Platform) and software products accreditation, and to obtain NATO specific Approval for Testing. They will create and maintain necessary security documentation for rapid NATO network deployment and provide security accreditation guidance to the Innovation Hub's platform, infrastructure, and MVP teams throughout product life cycles. They will conduct security risk assessment in support of products/services based on cloud computing architectures (public cloud); in particular, identify the level of threats and vulnerabilities for all the assets comprising products/services, derive the residual risks, and provide risk management recommendations.

Required Qualifications:

• Active NATO or National Secret (or higher) security clearance
• Bachelor's or Master's degree in Information and Communication Technologies (ICT), Computer Science, or related discipline; OR 8 years of experience as a Security Professional
• Proven knowledge of software development (Agile/DevSecOps) as, for example, Developer or Solution/Software Architect, and their relevancy to security
• Experience working as a Security Professional within the NATO enterprise and knowledge of NATO or military experience pertaining to cybersecurity and Security Policy and supporting directives
• Able to identify, engineer, implement, and monitor security measures for the protection of computer systems, networks, and information, based on security risk assessment methodologies and tools
• Knowledgeable about (self-hosted) cloud native applications, and associated production cycles
• Knowledgeable about industry standard security tools (SonarQube, Nessus, etc.) and able to create tailored configurations applicable to specific information systems
• Proven knowledge with modern software solutions, technologies, and concepts (anti-virus software, intrusion detection, firewall, content filtering, Cloud, Docker, IdAM, Proxy, CI/CD, technology stacks, and other relevant technical concepts) and their relevancy to security
• AWS (or similar) Security Specialties certification

Desired Qualifications:

• Knowledge of information security management frameworks ISO/IEC 27001 and/or ISO/IEC 27005 and/or an (active) CISSP certification
• Experience with Agile teams and Minimum Viable Products (MVPs)
• Experience with or knowledgeable about NATO's standards for security