Senior GRC Engineer

🕒 4 months ago

🇺🇸 United States – Remote

⏰ Full-time

🟠 Senior

🚔 Compliance

🗣️🇺🇸🇬🇧 English required


DataLock Consulting Group

11 - 50 employees

Founded in 2013

🔒 Cybersecurity

📋 Compliance

Cybersecurity • Compliance • Healthcare

DataLock Consulting Group is a cybersecurity consulting firm specializing in security program development, compliance, and security architecture and engineering. Its approach is to build cybersecurity into the foundations of networks and systems rather than treating it as an afterthought. It serves a range of sectors, including government, finance, aerospace and healthcare, offering services such as risk management, security assessments and cloud security.

Description

• Maintain and strengthen the cybersecurity posture of assigned federal programs, systems, or enclaves.
• Guide system owners, ISSOs, and engineering teams in applying GRC engineering principles throughout the system lifecycle.
• Lead and support Risk Management Framework activities, including system categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
• Produce high-quality security and privacy artifacts that are technically sound, actionable, and aligned with engineering realities.
• Support achievement and maintenance of Authorities to Operate (ATOs) and manage associated Plans of Action and Milestones (POA&Ms).
• Brief senior leadership on risk posture, authorization status, and remediation strategies.
• Apply DevSecOps principles to integrate security into CI/CD pipelines and modern development workflows.
• Support Zero Trust architecture implementation, supply chain risk management, and modernization initiatives.
• Apply continuous integration, continuous delivery, and continuous security principles across environments.
• Support implementation and analysis of SAST, DAST, Software Composition Analysis, secrets management, and GitHub-based workflows.
• Apply Infrastructure as Code, virtualization, and containerization concepts to security engineering and assessment activities.
• Utilize endpoint protection, integrity monitoring, and SIEM tooling to support security operations and monitoring.
• Implement and assess authentication, authorization, and identity federation mechanisms including SAML, OAuth, and OIDC.
• Apply PKI, encryption technologies, and FIPS implementation requirements.
• Analyze network architectures, topologies, and protection mechanisms to assess confidentiality, integrity, and availability risks.
• Leverage OSCAL for machine-readable control catalogs, baselines, System Security Plans, and assessment documentation.
• Analyze and interpret software vulnerabilities using CVE, CWE, and CVSS scoring methodologies.
• Evaluate supplier and product trustworthiness as part of supply chain risk management efforts.
• Develop and maintain cybersecurity and privacy policies aligned with organizational objectives.
• Apply cybersecurity and privacy principles related to confidentiality, integrity, availability, authentication, and non-repudiation.
• Assess security and privacy controls using frameworks such as NIST SP 800-53, the NIST Cybersecurity Framework, and CIS Critical Security Controls.
• Determine how security systems should function, including resilience and dependability, and assess how environmental or operational changes affect system risk.
• Communicate technical findings clearly and effectively through written documentation and stakeholder engagement.
• Introduce automation, engineering practices, and innovation into GRC programs to improve efficiency and continuous monitoring maturity.

🎯 Requirements

• Bachelor’s degree in Computer Science, Information Systems, or a related field, or an additional three years of relevant experience.
• Seven or more years of relevant cybersecurity experience.
• Three or more years of experience serving as an ISSO for a Federal agency.
• Prior experience serving as an ISSO for a portfolio of Federal systems.
• Experience achieving ATOs, managing POA&Ms, and briefing senior leadership.
• Deep functional and technical knowledge of NIST RMF and NIST CSF processes and documentation.
• Expertise in FedRAMP standards and processes.
• Strong understanding of IaaS, PaaS, and SaaS cloud service models, including Azure, Microsoft 365, Salesforce, ServiceNow, Appian, and MuleSoft.
• Strong foundational and operational knowledge of DevSecOps, CI/CD pipelines, Zero Trust, supply chain risk management, artificial intelligence, and operational technology.
• Familiarity with SAST, DAST, Software Composition Analysis, secrets management, and GitHub.
• Operational knowledge of Infrastructure as Code, virtualization, and containerization.
• Proficiency with endpoint protection, integrity monitoring, and SIEM tools.
• Expertise in authentication, authorization, and identity federation technologies.
• Familiarity with PKI, encryption technologies, and FIPS requirements.
• Foundational understanding of network architectures and security mechanisms.
• Familiarity with OSCAL and machine-readable security documentation.
• Ability to analyze software vulnerabilities using CVE, CWE, and CVSS.
• Experience in technical writing and producing clear, well-organized security documentation.
• Experience evaluating supplier and product trustworthiness.

🏖️ Benefits

• Competitive compensation
• Comprehensive benefits package
• Strong commitment to work-life balance
• Collaborative, remote-first environment
• Professional growth opportunities
