Enterprise - Information System Security Officer - RMF, AWS, Kubernetes

Erias Ventures was founded to serve its customers with an entrepreneurial mindset. We value creative problem-solving , open communication , and empowering our employees to make decisions and put forth new ideas.

Our staff includes technical experts working across multiple disciplines, bringing diverse perspectives to every project. We are seeking engineers who wish to grow their careers and want to become part of a technically strong and growth-oriented company focused on bringing innovative solutions to the difficult mission problems facing our customers.

Description
We are is seeking talented professionals to join our successful and growing team in building the next-generation Continuous Diagnostics and Mitigation (CDM) Cyber data solution. The CDM Program is the Cybersecurity and Infrastructure Security Agency’s (CISA) dynamic approach to strengthening the cybersecurity of Federal networks and systems through better awareness and visibility into their security posture and cyber threats. We are responsible for designing, building, deploying, operating, and maintaining a complete ‘Data Services’ solution which includes the collection, normalization, visualization, and sharing of cyber data from more than 100 Federal agencies. The CDM Data Services product is an integrated suite of multiple Commercial Off the Shelf (COTS) products, software configuration packages, and custom code which work together to operate as an integrated solution tailored to meet Department of Homeland Security (DHS) requirements. 

We are seeking professionals who thrive in a dynamic, fast-paced, and highly collaborative environment where problem-solving, critical thinking, and a holistic approach to serving the mission are key. Our program operates within the Scaled Agile Framework (SAFe). An aptitude and enthusiasm for continuous learning, improvement, and cyber security is a must!

We are is seeking a talented, diligent, and energetic Security Analyst. The ideal candidate will be able to assess security risks, analyze security data, and develop and implement security strategies to protect the program’s technology infrastructure and data. They will implement and support all functions related to attaining and maintaining an authority to operate to include documentation, analysis, policy compliance, and the regular execution of system security activities. They will have a deep understanding of network protocols, operating systems, and cybersecurity best practices to guard against all potential cyber threats. The ideal candidate will be able to align to the following duties:

• Apply experience of RMF Steps 1 through 4; significant experience producing Information Security documents (System Security Plan, Privacy Assessments – PIA, PTA, Risk Assessment, Incident Response, Disaster Recovery, Interconnection Systems Agreements, BIA, ISA, etc)
• Assist with production-systems data management, analyzing performance, identifying problems, and developing recommendations that support cybersecurity initiatives
• Collaborate with cross functional teams to collect, analyze, and present recommendations regarding security posture, risks, and mitigations in addition to brief technical vulnerabilities and system non-compliance based on Information Security policy
• Develop, revise, and capture system-specific workflows and processes that align with compliance and program governance based on relevant guidelines and regulation
• Evaluate system functions for writing security control language for the satisfaction of an authority to operate
• Document security best practices and standard operating procedures, and collaborate with other teams to support cross cutting processes
• Assess the impact of system vulnerabilities identified manually or by security scans, and provide courses of action recommendations and remediation support
• Maintain system security awareness through regular monitoring and alerting
• Maintain accuracy of all security documents necessary for compliance throughout the system's lifetime
• Document and track POA&Ms from creation to completion
• Create and maintain dashboards to inform cyber risk posture

Clearance
US citizenship with ability to obtain Public Trust Suitability

Experience

Required skills:

• Bachelor’s degree or 5 years of relevant experience
• 3+ years operating in the Federal cyber security domain spanning governance and risk management, business continuity and disaster recovery, encryption, software development security, access control, network security / secure architecture, and security operations
• 3+ years experience reviewing and/or configuring AWS Organizations, CloudFormation, and/or Terraform Infrastructure as Code
• 3+ years of infrastructure and network security experience
• 3+ years implementing NIST RMF and writing security control responses across all control families
• 3+ years delivering Federal cybersecurity reporting and compliance requirements 
• 3+ years evaluating system security posture from the application level to underlying infrastructure
• 1+ year supporting systems deployed in cloud hosting environments
• 1+ year experience communicating security concepts, governing policy, and compliance with both technical and non-technical personnel in oral and written mediums

Desired skills:

• Ability to administer and/or configure Kubernetes
• Ability to execute agent and agentless security scans (i.e., Splunk, Nessus, Burpsuite)
• Ability to evaluate code, logic, and data flows within COTS and custom applications
• Familiarity with DHS, CISA, and the Continuous Diagnostics and Mitigation (CDM) program
• Familiarity with AWS’ well architected framework
• Familiarity with Cloud-based security requirements and implementation of best practices
• Familiarity with code repositories, particularly Git/GitHub
• Relevant cybersecurity certifications including CISSP, CISM, Security+, etc.

Benefits
Erias Ventures provides a complete package of wealth, health, and happiness benefits. The expected salary range for this position, depending on education and years of experience is $150,000 - $215,000.

Wealth Benefits:

• Above Market Hourly Pay
• 11% Roth or Traditional 401k with Immediate Vesting and Deposit
• Spot Bonuses for Assisting with Business Development and Company Growth
• Professional Development Bonuses for Certificates and Degrees

Health Benefits:

• Company subsidized Medical Coverage
• 100% Company Paid Vision and Dental Coverage
• 100% Company Paid Long Term Disability , Short Term Disability , and Group Life Insurance
• Monthly Wellness Reimbursement

Happiness Benefits:

• Paid Time Off with Flexible Work Schedules and Birthday Off
• Amazon Prime Membership and Monthly Internet Reimbursement
• Technology and Productivity Allowance for Equipment and Supplies
• Morale Building and Company Events to Celebrate our Successes and Build our Community
• Onboarding and Annual Swag
• Company Paid Professional Development and Training

At Erias Ventures, we are dedicated to fostering a diverse and inclusive workplace. As an equal opportunity employer, we ensure that all qualified applicants are considered for employment based on merit, without discrimination. We welcome individuals regardless of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Referrals & Inquiries
Do you know a cleared professional seeking to advance their career? Interested in earning some extra cash? If so, refer them to us with their name and contact details, and you could be eligible for a referral bonus of up to $10,000 for each successful hire.

Not seeing the right position right now? Reach out to us, and we’ll notify you as new contracts and opportunities become available!

Please send referrals and inquiries to:
[email protected]

To learn more about our company visit our webpage or LinkedIn .