EHS Manager

Responsibilities encompass collaborating with other Dev Ops and Sys Ops teams to transition public facing, on-premise applications to the cloud; securing the configuration management of the cloud infrastructure; mitigating risks, and applying security controls to improve visibility and diagnostics in compliance with Federal requirements and security best practices.

• Develop and deploy infrastructure as code (IaC) scripts to implement and optimize security controls and mechanisms of a cloud infrastructure.
• Act as the subject matter expert for cloud security and tools such as Security Information and Event Management (SIEM), access control mechanisms, Intrusion Detection and Intrusion Prevention Systems (IDS/IPS).
• Monitor cloud infrastructure and pro‑actively mitigate potential incidents before service degradation occurs.
• Provide guidance to the Dev Ops teams developing on public cloud platforms, advising on security standards for cloud deployment, and working to identify common patterns for template provisioning.
• Conduct assessments of security controls for new and existing cloud systems; create and maintain as‑built system documentation, architecture diagrams, and online collaborative documentation.
• Determine security modes of operation and recommend new or revised security measures and countermeasures for current security challenges.
• Collaborate with team members to continue to evolve and implement a state‑of‑the‑art secure cloud infrastructure.

• Requires bachelor’s degree in computer science, cyber security, engineering, or a related technical field plus 7 years of related experience with 5 years being in cloud system administration and systems security administration. Additional experience can be substituted for a degree.
• Experience designing and implementing an enterprise‑wide cloud security architecture.
• Proficiency with SIEM and vulnerability management solutions.
• Experience using common networking tools to aid in troubleshooting, including nmap, Wireshark, tcpdump, etc.
• Proficiency in one or more scripting languages:
  Python, Perl, Power Shell, or Bash.
• Proficiency with TCP/IP/UDP ports and protocols, IDS/IPS, Network Access Control List (NACL), Access Control Lists (ACL), and Security Group (SG) applications.
• Demonstrated ability to effectively communicate orally and in writing.
• Experience supporting a nationwide mid to large Federal agency enterprise is a plus.
• CISSP certification required.
• AWS Certified Security - Specialty, ISC2, or Cloud Security Alliance certifications desired.
• Must be able to obtain Level 2 Secret (ANACI) clearance.