Basecamp Consulting & Solutions LLC

Cyber Security Engineer

Basecamp Consulting & Solutions LLC, Reston, Virginia, United States, 22090


Benefits:

401(k) matching

Competitive salary

Paid time off

Reports to:

Account Executive

Status:

Permanent, Full-time

Location:

Hybrid (1-2 Days a week onsite, Northern Virginia)

ORGANIZATIONAL BACKGROUND

Established in August 2016, Basecamp Consulting and Solutions, LLC is a dynamic Information Technology (IT) consulting firm committed to delivering results for our clients. Specializing in next-generation IT and digital transformation solutions, Basecamp Consulting and Solutions is dedicated to helping clients achieve success through trust, innovation, quality work, and a steadfast commitment to results.

At Basecamp, we believe in the power of emerging technologies to propel our clients toward their goals. Our focus lies in business and IT modernization, utilizing Cloud solutions, cybersecurity, and cutting-edge application development.

POSITION OVERVIEW

Reporting to the Account Executive, the Cyber Security Engineer will play a crucial role in ensuring the integrity, confidentiality, and availability of our federal client's information systems, specifically supporting our customer’s Cybersecurity initiatives including: Cybersecurity Oversight, Policy Compliance Assessment, Secure Development Practices Auditing, Secure Coding Standards Evaluation, Security by Design Assessment, Vulnerability Management Audits, Cloud-Native Security Evaluation, Container Security Audits, Cloud Configuration Review, Data Security and Encryption Evaluation, Threat Modeling and Risk Assessment.

DUTIES AND RESPONSIBILITIES

Cybersecurity Oversight:

Serve as the lead cybersecurity assessor, evaluating and ensuring that all microservice applications strictly adhere to established cybersecurity policies and industry best practices.

Policy Compliance Assessment:

Conduct thorough assessments of development processes to verify that cybersecurity requirements are fully integrated throughout the application development lifecycle, ensuring compliance with government and agency-specific regulations.

Secure Development Practices Auditing:

Audit and evaluate the implementation of secure coding practices and security testing within containerized application environments. Provide assessments and recommendations to improve these practices.

Secure Coding Standards Evaluation:

Assess the adoption and implementation of secure coding standards across development teams. Evaluate practices such as input validation, secure data handling, and error management, and provide detailed feedback to enhance security.

Security by Design Assessment:

Review and assess the integration of security principles from the start of the software development lifecycle (SDLC). Work with architects and developers to identify potential security gaps in the design phase and recommend corrective actions.

Vulnerability Management Audits:

Conduct audits of the vulnerability management strategy, assessing the thoroughness of continuous vulnerability scanning and the timeliness of patching throughout the application lifecycle.

Cloud-Native Security Evaluation:

Assess the security of cloud-native solutions, focusing on the use of cloud provider security services and configurations. Provide detailed evaluations on how well these measures enhance the security posture of microservice applications.

Cloud Architecture Security Assessment:

Evaluate the security of cloud-native architectures, assessing the use of cloud security features like IAM, encryption, and network security. Provide assessments and recommendations to ensure these architectures are robust and compliant.

Container Security Audits:

Conduct thorough assessments of containerized application security within cloud environments. Review the use of secure base images, automated vulnerability scanning, and the application of security controls within container orchestration platforms like Kubernetes.

Cloud Configuration Review:

Assess the security configurations of cloud services, ensuring that resources are properly secured through stringent access controls, encryption standards, and monitoring practices. Provide detailed feedback on areas needing improvement.

IAM Policy Assessment:

Conduct assessments of Identity and Access Management (IAM) policies in cloud environments, ensuring that principles like least privilege and multi-factor authentication are effectively protecting sensitive resources.

Data Security and Encryption Evaluation:

Assess the security measures for protecting data within cloud-native applications, including encryption at rest and in transit, data masking, and secure key management practices. Provide recommendations to enhance data security.

Threat Modeling and Risk Assessment:

Conduct in-depth threat modeling and risk assessments to identify potential security vulnerabilities in application designs. Provide expert evaluations and recommend mitigation strategies to address identified risks.

QUALIFICATIONS

Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field.

Minimum of 5 years of experience as an ISSO or in a similar role, with specific experience in FISMA, FedRAMP and Security Assessment and Authorization processes.

Strong understanding of NIST guidelines, particularly those related to federal information system standards.

Certified Information Systems Security Professional (CISSP) or similar security certification is highly preferred.

Proven ability to assess risks and implement effective risk management measures.

Exceptional problem-solving skills and the ability to work under pressure.

Excellent communication skills, capable of working effectively with multi-disciplinary teams.

COMPENSATION AND WORKING CONDITIONS

Competitive health and medical benefits package and paid time off. Other internal benefits include access to professional development funds and organizational trainings as available.

Working standard office hours with start and end time flexibility (40 hrs/week).

Physical/cognitive demands include use of typical office equipment, prolonged periods of sitting and working on a computer/telephone, high degree of concentration and attention to detail.

Psychological demands include deadline-driven requirements, capacity to organize and prioritize own work, adaptability to change, and ability to set and work towards performance and development goals.

Basecamp Consulting and Solutions is committed to principles of equity and inclusion. We strive to create a workplace where everyone feels safe and empowered. We will be prioritizing applications from individuals with diverse backgrounds, including racialized populations, Veterans, and 2SLGBTQ+.

Flexible work from home options available.
