Security Engineer

Game Plan Tech is a mission-driven consulting and services firm focused on helping government teams access innovative technologies. The Security Engineer role involves designing and managing security architectures for cloud environments, integrating security practices throughout the software development lifecycle, and ensuring compliance with government security standards.

Responsibilities:

• Design, implement, and manage security architectures for cloud environments (e.g., Google Cloud, AWS, Azure). This includes securing cloud resources, managing access control, implementing network security, and ensuring data protection
• Integrate security practices throughout the software development lifecycle (SDLC). This involves conducting code reviews, performing vulnerability assessments, and promoting secure coding practices
• Assess and mitigate security risks specific to AI systems, including data poisoning, adversarial attacks, and model theft
• Ensure that systems and processes meet relevant government security standards and regulations (e.g., FedRAMP, NIST 800-53, DISA Impact Levels). This includes conducting security audits, preparing documentation, and participating in accreditation activities
• Develop and execute incident response plans, investigate security breaches, and implement corrective actions
• Promote security awareness across the organization through training, communication, and best practice guidance
• Stay abreast of emerging security threats and vulnerabilities, and proactively implement measures to mitigate risks

Requirements:

• Design, implement, and manage security architectures for cloud environments (e.g., Google Cloud, AWS, Azure)
• Secure cloud resources, manage access control, implement network security, and ensure data protection
• Integrate security practices throughout the software development lifecycle (SDLC)
• Conduct code reviews, perform vulnerability assessments, and promote secure coding practices
• Assess and mitigate security risks specific to AI systems, including data poisoning, adversarial attacks, and model theft
• Ensure that systems and processes meet relevant government security standards and regulations (e.g., FedRAMP, NIST 800-53, DISA Impact Levels)
• Conduct security audits, prepare documentation, and participate in accreditation activities
• Develop and execute incident response plans, investigate security breaches, and implement corrective actions
• Promote security awareness across the organization through training, communication, and best practice guidance
• Stay abreast of emerging security threats and vulnerabilities, and proactively implement measures to mitigate risks
• Compliance Expertise: Knowledge of government compliance frameworks and accreditation processes, such as FedRAMP, NIST 800-53, and FISMA
• Experience with the DISA Cloud Security Requirements Guide (SRG)
• Deep knowledge of security technologies such as firewalls, intrusion detection systems, and security information and event management (SIEM) tools
• Familiarity with secure coding practices, vulnerability assessments, and vulnerability remediation
• Experience with security automation and DevSecOps practices and Infrastructure as Code (IaC)
• Strong understanding of cloud security, software security, and AI system security
• Experience documenting system security posture and adherence to security controls, including creating and maintaining security plans, risk assessments, and incident reports
• Hands-on experience with security tools and technologies for cloud environments (e.g., Google Security Command Center, AWS Security Hub, Azure Security Center, Tenable Products)
• Knowledge of specific AI/ML frameworks and libraries and how to assess their implementations for security
• Bonus points for relevant security certifications (e.g., CISSP, CCSP, Professional Cloud Security Engineer)
• Experience working with Department of Defense (DoD) security stacks including VDMS, VDSS, BCAP, and other related security frameworks, tool, and common practices