Cloud Security Control Assessor

Kingfisher Systems, Inc. (Kingfisher) specializes in providing a full range of Information Technology, Cybersecurity, Intelligence, and support services to the U.S. Government. Kingfisher's core competency is technology-enabled services with a specific focus on national security. Since 2005 Kingfisher has established itself as a recognized and trusted partner whose mission is safeguarding sensitive information, operations, and programs for our Federal customers and U.S. warfighters.

Position Description:

Kingfisher seeks an exceptionally qualified Cloud Security Control Assessor to join a very successful team supporting a DOD client at our NGIC location in Charlottesville, VA. A successful candidate will possess a wide array of experience with Information Assurance /Information Management and Technology to include an understanding of on-premise vs. cloud-based system use and securing of operating systems, network infrastructure, software applications, web servers, and databases.

Roles and Responsibilities:

• Develop methods to monitor and measure risk, compliance, and assurance efforts within a cloud environment using existing and industry cutting edge methods.
• Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level within the cloud environment.
• Draft statements of preliminary or residual security risks for system operation for both cloud baseline and for tenants planning to enter/use or maintain capabilities in the environment.
• Maintain information systems assurance and accreditation materials for all efforts relating to the cloud computing baseline.
• Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements across all capabilities using implemented cloud capabilities.

Desired Skills:

• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of cyber threats and vulnerabilities.
• Knowledge of cybersecurity principles
• Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
• Knowledge of specific operational impacts of cybersecurity lapses.
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
• Knowledge of cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities.
• Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.
• Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
• Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of the organization's evaluation and validation requirements.
• Knowledge of penetration testing principles, tools, and techniques.
• Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.
• Knowledge of Risk Management Framework (RMF) requirements.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of the Security Assessment and Authorization process.
• Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• Skill in discerning the protection needs (i.e., security controls) of information systems and other computing environments.

Required Certification: IAM Level III (i.e. CCISO, GSLC, CISSP or CISM)

Security Clearance: **Candidates must have an active TS/SCI **

Kingfisher Systems, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, national origin, age, protected veteran status, among other things, or status as a qualified individual with a disability.