Analista de Application Security Pleno ensuring code integrity and security at Evertec, a tech company for the financial sector in Brazil. Responsible for security scanning, remediation support, and CI/CD integration.
VI
Hybrid Cloud Cybersecurity Manager – Military Community and Family Policy
Posted 4 months ago
About the role
- Cloud Cybersecurity Manager for Vistra Communications, providing cybersecurity oversight for DoD cloud environments. Key responsibilities include leading risk management and compliance initiatives across EC2 and GovCloud.
Responsibilities
- Provide comprehensive cyber and cloud security leadership ensuring all cloud environments are designed, maintained, and operated securely and efficiently.
- Develop and implement the overall cybersecurity strategy aligned with DoD, DISA, NIST (SP 800-53), FISMA, and MC&FP requirements.
- Lead cloud risk management and IT security compliance initiatives, including application of the Risk Management Framework (RMF) across all MC&FP systems.
- Oversee daily monitoring, threat detection, and incident handling for cloud-based resources, including AWS GovCloud environments.
- Implement advanced security architectures for predictive threat detection and proactive incident response.
- Maintain and regularly test contingency plans, disaster recovery (DR), and continuity of operations (COOP) procedures for cloud infrastructure.
- Provide direct support for vulnerability management, penetration testing, and mitigation of security risks.
- Ensure continued Authorization to Operate (ATO) status for cloud systems at relevant impact levels.
- Conduct bi-annual audits of IT and cybersecurity SOPs, documenting and remediating compliance gaps.
- Oversee routine and ad-hoc reporting of compliance status, incidents, and risk metrics through dashboards and official reports.
- Coordinate with Tier 2 CSSPs and government cyber teams to ensure seamless lifecycle management and reporting for incidents and vulnerabilities.
- Adhere to and enforce compliance with all applicable STIGs, SRGs, IAVAs, and other cybersecurity requirements.
- Catalog and inventory all cloud configuration items (CIs), and maintain an up-to-date configuration management (CM) database with strong data integrity and availability measures.
- Oversee review and implementation of secure configurations and baseline management for all cloud resources.
- Serve as Secretariat for the Configuration Control Board (CCB), maintaining records, policies, procedures, and facilitating CCB meetings.
- Manage the change control process for all information systems, networks, and security modifications.
- Lead or support scenario planning exercises, threat simulation labs, and cross-agency security drills.
- Identify and recommend the implementation of emerging security technologies, automation, and best practices to advance security posture.
- Develop and implement automated incident response workflows and playbooks.
- Serve as principal cloud security advisor to leadership, project managers, developers, and IT engineering teams.
- Collaborate with government stakeholders, technical teams, and external partners to ensure secure design, deployment, and operation of cloud systems.
- Provide cloud cybersecurity guidance and training to staff and ensure all stakeholders are informed of their security responsibilities.
- Ensure that account provisioning, privilege management, and access controls for cloud systems are implemented and regularly reviewed.
- Maintain compliance with the DoD Cyber Workforce Framework (DCWF), ensuring staff certifications and training are up to date.
Requirements
- A minimum of eight years of experience in managing cybersecurity projects of similar size and complexity to this requirement within a cloud environment.
- A minimum of eight years of experience with the NIST RMF, NIST SP 800-53, STIGs, Security Content Automation Protocol (SCAP), Information Assurance Vulnerability Alerts (IAVAs), and Federal Information Security Management Act (FISMA).
- Possess one of the following certifications: CISM, Certified Information Systems Security Officer (CISSO), Federal IT Security Professional-Manager (FITSP-M), GIAC Certified Intrusion Analyst Certification (GCIA), GIAC Cloud Security Automation (GCSA), GIAC Certified Incident Handler (GCIH), GIAC Security Leadership Certification (GSLC), Global Industrial Cyber Security Professional Certification (GICSP), CISSP-ISSMP, or CISSP
- Possess a minimum of a favorably adjudicated Tier 5 investigation.
- Prefer bachelor’s degree in computer science, IT, information systems, or a related field.
- Prefers a minimum of eight years of experience analyzing, assessing, and implementing corrective actions based on vulnerability management and penetration testing.
- Prefers minimum of eight years of experience supporting DoD defensive cyber operational activities, including, but not limited to, information system protection, defense, response (incident handling), reporting, and recovery.
Benefits
- Medical, dental, and vision benefits
- Life and disability insurance
- Employer matching 401(k) retirement plan
- Paid Time Off
- Parental and Bereavement Leave
- Professional Development
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Senior Application Security Analyst ensuring code integrity and security at Evertec, leading security strategies and initiatives in software development.
Senior Principal Security Engineer at Workday acting as technical contact for Enterprise Security. Bridging cybersecurity strategy with hands - on execution to tackle complex security challenges.
Leitung des Sachgebiets Infrastruktur und Sicherheit mit Verantwortung für den Betrieb der technischen Basisdienste. Enger Austausch mit Amtsleitung und Fachbereichen zur IT - Strategie der Stadt Elmshorn.
As a Producer, support the Senior Producer in delivering AAA projects for Behaviour Interactive, a gaming industry leader. Collaborate with the leadership team to ensure high - quality product alignment.
Business Information Security Officer responsible for ensuring cybersecurity compliance in Europe for Boeing. Leading regional security initiatives and managing relationships with stakeholders across the continent.
IT Cybersecurity Specialist handling technical support in information security for MODEC's operations. Ensuring strategic and compliance alignment with global cybersecurity standards.
Product Security Engineer ensuring security in cloud - native product development at Trainline. Collaborating with cross - functional teams to improve security practices and safeguard digital channels.
Information Security Engineer supporting day - to - day information security operations. Working with cross - functional partners to ensure security compliance and risk management.
Lead security operations at Beyond Finance to ensure high security standards and manage vulnerability assessments. Oversee incident response and develop a disciplined security team.