Senior Security Engineer Subject Matter Expert; SME

Join to apply for the Senior Security Engineer Subject Matter Expert (SME) role at 4A Consulting, LLC

1 month ago Be among the first 25 applicants

Join to apply for the Senior Security Engineer Subject Matter Expert (SME) role at 4A Consulting, LLC

This position is on-site when required, otherwise remote. Based in Maryland, you will report directly to the Department of Human Services’ (DHS) Office of Technology for Human Services leadership. Candidates chosen for an interview will meet the Education, General Experience and Specialized Experience requirements provided below.

• Likelihood of at least one on-site interview located in downtown Baltimore, MD.**
  *

• Manage Legacy and Cloud solutions to security strategy, governance and compliance, infrastructure hosting and business processes, requirements gathering, project management, security audits, policies and managing multi-agency relationships.
• Create strategic vision, governance and compliance by providing technical input and documentation support in NIST, FISMA and RMA security policies and procedures to generate Authority to Operate (ATO) for AWS platform, data and applications.
• Manage security controls to provide best practices in encryption of PII and FTI data at rest and in transit to support legislative, IRS and other Federal audits. Provide application development security support including SSL Certificates, vulnerability scanning, penetration testing, database/disk encryption and application scripting security sing Privileged Access Management (PAM). User of firewalls, IPS, VPN and MFA (multi-factor authentication).
• Authorize and manage hosting vendors relating to program objectives, change management, incident management, root cause analysis and consultant hiring.
• Assist in the design, documentation, and implementation of Security tools chosen by OTHS/DHS senior management.
• Motivate and lead cross-functional teams and manage stakeholder groups at various levels of the organization to build trust and forge critical consensus.
• Meets legal, regulatory, and policy mandates.

• Bachelor’s degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline with a preference in information technology.
• Master’s degree is preferred.
• Industry certifications, such as CISSP, CISA, CAP, Security+ are preferred.

• Must have 15 years of experience in the IT field.
• Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
• Strong business and technical background in Fortune 500 and/or business consulting experience.
• Deep understanding of cybersecurity and the relationship between threat, vulnerability and information value in the context of risk management.
• Strong proficiency with common cybersecurity management frameworks, regulatory requirements, and industry leading practices.
• Ability to handle stress and work well under pressure.
• Critical thinking and listening skills.
• Ability to multi-task.
• Exceptional interpersonal skills with the ability to collaborate well across teams and organizations.
• Leadership experience desired.
• Proven ability to deliver on-time with the highest quality.

• At least 5 years of IT Security related experience.
• At least 2 years of experience in Cloud Security (preferably AWS).
• At least 5 years’ experience in many of the following areas:
• Security architect/design, planning and deployment.
• Vulnerability management.
• VPS, IPS, URL/content filtering, email security, encryption, SIEM, WAF.
• Windows, Linux OS.
• Server hardening/security baseline standards.
• PKI/certificate management.
• Security Operations and Incident Response.
• NIST, FISMA and RMA security policies and procedures.
• Identity and Access Management (MFA, SSO).
• Software development and secure development.
• Threat…