Game Plan Tech is a mission-driven consulting and services firm with expertise in helping government teams access innovative technologies. They are seeking a Security Engineer to design and manage security architectures for cloud environments, integrate security practices in software development, and ensure compliance with government security standards.
Responsibilities:
- Design, implement, and manage security architectures for cloud environments (e.g., Google Cloud, AWS, Azure). This includes securing cloud resources, managing access control, implementing network security, and ensuring data protection
- Integrate security practices throughout the software development lifecycle (SDLC). This involves conducting code reviews, performing vulnerability assessments, and promoting secure coding practices
- Assess and mitigate security risks specific to AI systems, including data poisoning, adversarial attacks, and model theft
- Ensure that systems and processes meet relevant government security standards and regulations (e.g., FedRAMP, NIST 800-53, DISA Impact Levels). This includes conducting security audits, preparing documentation, and participating in accreditation activities
- Develop and execute incident response plans, investigate security breaches, and implement corrective actions
- Promote security awareness across the organization through training, communication, and best practice guidance
- Stay abreast of emerging security threats and vulnerabilities, and proactively implement measures to mitigate risks
Requirements:
- Knowledge of government compliance frameworks and accreditation processes, such as FedRAMP, NIST 800-53, and FISMA
- Experience with the DISA Cloud Security Requirements Guide (SRG)
- Deep knowledge of security technologies such as firewalls, intrusion detection systems, and security information and event management (SIEM) tools
- Familiarity with secure coding practices, vulnerability assessments, and vulnerability remediation
- Experience with security automation and DevSecOps practices and Infrastructure as Code (IaC)
- Strong understanding of cloud security, software security, and AI system security
- Experience documenting system security posture and adherence to security controls, including creating and maintaining security plans, risk assessments, and incident reports
- Hands-on experience with security tools and technologies for cloud environments (e.g., Google Security Command Center, AWS Security Hub, Azure Security Center, Tenable Products)
- Knowledge of specific AI/ML frameworks and libraries and how to assess their implementations for security
- Experience working with Department of Defense (DoD) security stacks including VDMS, VDSS, BCAP, and other related security frameworks, tool, and common practices
- Bonus points for relevant security certifications (e.g., CISSP, CCSP, Professional Cloud Security Engineer)