AWS Security Engineer

About Peraton

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.

Responsibilities

Peraton is currently seeking skilled and qualified candidates for our AWS Security Engineer position. The AWS Security Engineer is part of the PERATON DHS' Security team and plays a Cybersecurity operational compliance role within the Citizen Security and Public Services Sector (CS&PSS). The position is responsible for performing as a named ISSO for a Government Systems and assisting other ISSOs with end-to-end Governance Risk and Compliance (GRC) functions that entails security control implementation, continuous monitoring, and federal Assessment and Authorization (A&A) activities.

Day to Day Work Responsibilities:

• Works closely under the supervision of Cybersecurity Manager and with other security personnel within Peraton CS&PSS Sector to ensure operational security measures are implemented.
• Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing.
• Reviews and continuously monitors implemented security controls.
• Creates and maintains security checklists, templates, and other tools to aid in the A&A process.
• Performs security control assessment using Agency guidelines/NIST guidance and as per continuous monitoring requirements.
• Performs risk analyses to determine and recommends essential safeguards.
• Proactively mitigates system vulnerabilities and recommends compensating controls.
• Prepares security authorization packages in accordance with the client contractual requirements.
• Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
• Maintains client-specific Plan of Action and Milestones and supports remediation activities.
• Maintains an inventory of hardware and software for the information system.
• Develops, tests and trains on Contingency and Incident Response planning.
• Experience working with the National Institute of Standards National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA) requirements and reporting.
• Experience in managing security Certification and Accreditation activities utilizing common control frameworks.
• Experience with risk mitigation and selecting or designing appropriate security controls for implementation.
• Experience applying cloud security concepts, requirements, design development, implementation, and integration for existing and new technology product offerings.
• Experience with overseeing compliance programs in Microsoft Azure, Amazon AWS, PCI DSS, and FedRamp cloud environments
• Experience in coordinating, monitoring and tracking security activities across multiple organizations.
• Experience in managing security posture of cloud environment, and working with engineering teams to remediate, and communicating overall risk of environment while identifying areas of improvement.
• Demonstrated understanding and experience with DevSecOps
  
  

Qualifications

Basic Qualifications:

• U.S. citizenship and the ability to obtain/maintain a U.S. government agency level clearance (the DHS EOD, which you must have prior to starting).
• 5 years of relevant Information Technology Experience.
• High school diploma or GED
  
  

Preferred Qualifications:

• Excellent communication skills, self-motivated and tenacious, demonstrate sound judgment and integrity
• Knowledge of the security countermeasures and overall RMF and NIST compliance guidelines
• Ability to influence OCISO Delivery system stakeholders in the execution of security and compliance requirements
• Experience of working with Federal Information Processing (FIPS), FISMA, FedRAMP and Other Cyber Security related laws, regulations and directives
• Experience of presenting at client meetings
• Experience of translating contractual security requirements to deliverables
• Experience with Cyber Security Assessment and Management (CSAM): hands-on experience with CSAM, the DOJ Governance, Risk, and Compliance tool, including its application in managing and accessing cybersecurity risks.
  
  

Some Desired Certifications: CISSP or CISM; At least one Cloud Security Certification: AWS Security Professional; CCSP; MS Azure Security Certification; CCSK, CISA, CRISC, GSEC, ComTIA Sec+

Target Salary Range

$86,000 - $138,000. This represents the typical salary range for this position based on experience and other factors.

SCA / Union / Intern Rate or Range

EEO

An Equal Opportunity Employer including Disability/Veteran.

Our Values

Benefits

At Peraton, our benefits are designed to help keep you at your best beyond the work you do with us daily. We're fully committed to the growth of our employees. From fully comprehensive medical plans to tuition reimbursement, tuition assistance, and fertility treatment, we are there to support you all the way.

• Paid Time-Off and Holidays
• Retirement
• Life & Disability Insurance
• Career Development
• Tuition Assistance and Student Loan Financing
• Paid Parental Leave
• Additional Benefits
• Medical, Dental, & Vision Care