Database Security Specialist

Job Description

Job Description

Evolver Federal is looking for a Database Security Specialist ­to join our team supporting our government client.

The successful candidate will work with Database Administrators, ISSOs and System Teams to support the client in ensuring the security of its databases across the enterprise. By collaborating with other stakeholders (Federal and Contractor), the candidate will support the ISD Security Tools Team and System DBAs in establishing the initial configuration of database scans using TIO (Tenable Nessus). The candidate will also monitor successful application of security patching for all databases and troubleshoot where necessary, review database-related POA&Ms and provide input into POA&M milestones and associated remediation plans, review artifacts for POA&M closure relating to documented database weaknesses and advise on closure, assist the team in hardening databases throughout the enterprise, and assist DBAs in onboarding database logs to the organization's SIEM tool. The candidate must be a self-starter.

The client environment is diverse and currently contains Oracle, Postgres, SQL Server, and mySQL databases.

Responsibilities

• Review output of database scans using Tenable io (TIO), work with System DBAs to remediate findings, including vulnerabilities and hardening.
• Provide input and recommendations into approved security configuration baselines for database types including Oracle, Postgres, SQL Server, and mySQL.
• Provide input and recommendations into approved database versions based on database type.
• Work with members of the POA&M Management Support Team to review artifacts submitted as evidence of POA&M closure for database-related weaknesses.
• Review, validate, and track false positives and known deviations in scan results to provide assurance that IT systems meet established configuration baseline(s) for approved database types.
• Review documentation submitted in support of requesting a waiver for compliance with specified security requirements per the NIST SP 800-53 and provide recommendations to client for approval and acceptance of associated risk. Specific to security requirements relating to databases and the database layer of a system.
• Participate in process improvement initiatives to mature the client's internal business processes in areas including, but not limited to, vulnerability remediation, patch remediation efforts, STIG compliance, and approved database instances.
• Work with Database Administrators, ISSOs, and System Admin Teams to configure database assets to send the appropriate logging data to Splunk/ designated SIEM tool.
• Provide recommendations for database logging standards across the enterprise for each database type within the enterprise to facilitate establishing new and enhancing existing logging standards.
• Perform other duties as assigned by the Government.
• Ability to work efficiently and effectively in a dynamic and fast-paced environment.
• Determine the clearest and most logical way to present information and instructions for greatest reader comprehension and write and edit technical information accordingly.
• Meet with other Technical SMEs (Federal and Contractor) to ensure specialized topics are appropriately addressed, discussed, and understood.

Basic Qualifications

• Bachelor's Degree in Information Technology, Computer Science, or related field or 10 years of overall experience.
• Minimum of 5 years of experience as a Database Administrator for Oracle and/or Postg res databases in the federal government, including configuring databases to comply with Industry-Standard configuration baselines.
• Database certification such as Oracle Database Administrator Certified Professional, Certified PostgreSQL Database Administrator, or similar.
• 5 years of experience with Oracle and Postgres.
• 5 years of experience in troubleshooting complex issues involving database security settings and engaging in complex root causes analysis.
• 5 years of experience with cloud-based environments and cloud infrastructure.
• 3 years of experience using Tenable.io, specifically to review scan results, search, and create custom reports.
• 3 years of experience one or more of the following tools: tenable.io, Nexus IQ Server, Splunk Enterprise v 7.3 and higher, DoJ CSAM, JIRA/ Confluence, CloudCheckr, PrismaCloud
• General awareness of the NIST SP 800-37 Risk Management Framework.
• Must have previous client-engagement experience.
• Must be a US Citizen with suitable eligibility for Public Trust position.

Preferred Qualifications

• Experience with other database types including, but not limited to Postgres, SQL Server, or mySQL preferred, but not required.
• Previous experience supporting Department of Homeland Security federal clients preferred.
• Working knowledge of secure configuration guidelines for Oracle databases, specifically CIS Benchmarks.
• General awareness of the NIST SP 800-53, specifically as the controls apply to database security.
• Ability to work independently and possesses a solid understanding of database and cyber security concepts.
• Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
• Ability to clearly articulate database-related weaknesses for the purpose of documenting POA&M descriptions.
• Ability to clearly articulate remediation strategies and/or compensating controls specific to database weaknesses.
• Ability to clearly communicate complex technical concepts to Information Technology Project Managers, Database Administrators, Application Developers, and Security Compliance Analysts, as well as non-technical POCs such as Branch Chiefs and Business System Owners.
• Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and/or Federal Leads.
• Ability to adapt to an Agile environment and provide quality, professional deliverables in a short timeframe with little to no guidance from the Government.
• Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client.
• Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints.
• Possess strong analytical and critical thinking skills with the ability to apply them to the client/ contract workspace.

Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.

Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.