Cybersecurity SME

Recruiter: Gunnison Consulting Group Inc
Location: United States
Salary: Competitive
Posted: 25 Sep 2024
Closes: 23 Oct 2024
Job Type: Cyber Security
Employer Sector: Technology, IT & Telecoms
Contract Type: Permanent
Hours: Full Time

Work Location: Hybrid/Washington, DC.

We are seeking a motivated and customer–oriented cybersecurity professional to support our Department of State client. The candidate will support customer compliance with M–21–31 and E.O. 14028 (Cyber Incident Logging).

Duties and responsibilities include:

  • Provide expert guidance during the Oracle 19C upgrade, ensuring the implementation of security controls, system hardening, and compliance–driven optimizations.
  • Conduct in–depth evaluations of software systems, pinpoint vulnerabilities, and recommend solutions in alignment with strict government security standards.
  • Champion security–by–design principles. Design and implement comprehensive logging mechanisms, establish audit trails, and develop technical validation processes to ensure adherence to government recordkeeping and security mandates.
  • Mentor teams on secure coding practices, threat modeling, and compliance–driven development. Integrate static/dynamic security testing tools into the development pipeline.
  • Proactively identify potential security risks and vulnerabilities. Prepare comprehensive reports detailing security posture, compliance gaps, and prioritized mitigation strategies.
  • Work closely with government stakeholders to understand security requirements, interpret directives, and ensure projects meet contractual compliance obligations.

Required Qualifications:

  • A bachelor's degree in Computer Science, Cybersecurity, Software Engineering, or a closely related technical field. Extensive, directly relevant experience in secure software engineering and compliance may be considered in lieu of a degree.
  • Deep expertise in secure software architecture, design patterns, and defensive coding techniques to safeguard systems from the ground up.
  • In–depth understanding of data integrity principles, logging best practices, and rigorous auditing standards as they relate to government record–keeping requirements.
  • In–depth knowledge of cybersecurity frameworks (NIST, ISO, etc.), risk assessment methodologies, and federal compliance standards.
  • Proven track record in designing and implementing robust security solutions within government–mandated compliance frameworks.
  • Extensive experience in integrating security controls and testing throughout the SDLC, with a focus on threat modeling, vulnerability analysis, and secure code reviews.
  • Mastery of multiple programming languages, secure coding principles, cybersecurity tools, and cloud security (desirable).
  • Exceptional written and verbal communication. Ability to translate technical security requirements into actionable plans for development teams and clearly articulate risks to non–technical stakeholders.

Desired Qualifications:

  • Experience with Oracle database administration, specifically upgrades or migrations.
  • In–depth knowledge of cybersecurity frameworks (NIST, ISO, etc.), risk assessment methodologies, and federal compliance standards.
  • Experience conducting comprehensive security evaluations and vulnerability assessments.
  • Expertise in records management principles, log analysis, and auditing best practices.
  • Understanding of government recordkeeping requirements and compliance frameworks.
  • Strong understanding of log data formats, event correlation, and data retention policies.
  • Proficiency in developing technical standards and documentation.
  • Comprehensive understanding of security risk assessment methodologies and reporting frameworks.
  • Certified Information Systems Security Professional (CISSP).
  • Oracle Certified Professional (OCP) Database Administration.
  • Oracle Database Security Specialist.
  • Certified Information Systems Auditor (CISA).
  • Systems Security Certified Practitioner (SSCP) OR a relevant GIAC certification (GSEC, GPEN, etc.).

Clearance Requirement: Active Secret clearance.

Why Join Gunnison?

  • Gunnison takes on ambitious projects. We target fun, challenging work that requires creative thinking and innovation.
  • Quality is our top priority.
  • Gunnison employee benefits meet or exceed what other companies in the Washington, D.C. metropolitan area offer.
  • There is a great sense of camaraderie at Gunnison. This is an atmosphere we will maintain as we continue to grow.
  • We are growing rapidly and the opportunity for individual professional growth with Gunnison is outstanding.
  • We hire for careers at Gunnison, not to fill a position.

Employee Benefits:

Gunnison employee benefits meet or beat other companies in the Washington, D.C. metropolitan area, including:

  • Bonuses AND profit–sharing.
  • 401k Matching.
  • Certifications and training allowance $2,500/year.
  • 3 weeks of personal leave your first year (160 hours can roll over every year).
  • 5 days of Flex–Time–Off per year.

Equal Opportunity/Affirmative Action Employer. Must be eligible for employment in the United States. We are unable to sponsor candidates at this time.

In 1994 Gunnison Consulting Group began serving the greater Washington, D.C. metro area, focused on tackling our customers' most ambitious technology projects. By creating a culture dedicated to enabling our customers and employees to achieve more than they ever thought they could, the company has thrived for over 25 years.