Join the team! This is an opportunity to join a group of IT professionals taking CPSC's information systems to another level. We're looking for a bright, creative, hard-working individual equally as passionate about protecting CPSC information systems against unauthorized disclosure. The work is demanding and exciting. Consider a position at the CPSC as your career choice.Learn more about this agency
This position is located within the Office of Information and Technology Services and reports to the Information Systems Security Officer (ISSO). The incumbent serves as a technical professional and IT security analyst with responsibility for supporting the agency’s cybersecurity program, with an emphasis on cloud initiatives. The incumbent will primarily be responsible for the security oversight of the agency’s cloud environment and the development of system security and information assurance documentation, consistent with federal standards, to support the security assessment of agency cloud-based systems. The ideal candidate is capable of configuring and monitoring cloud security services, performing security audits and risk analyses of cloud environments, as well as application-level vulnerability testing and security code reviews. The candidate must be familiar with cloud-specific security principles and best practices (Federal information security policies, practices, and legal requirements including FISMA, RMF, NIST, and FedRAMP).
The incumbent will work independently to:
- Review proposed requirements, design, and architecture documents to identify potential security issues in agency cloud environments, information systems, and applications.
- Evaluate, install, configure, and manage cloud security tools and services that are employed to protect agency cloud environments.
- Monitor network activity and analyze evidence of suspicious behavior to identify and report events that occur or might occur within agency networks.
- Review data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze and respond to events that occur within the operating environment for the purpose of mitigating threats.
- Conduct assessments of threats and vulnerabilities, determine deviations from acceptable standards and best practices, asses the level of risk, and develop and/or recommend appropriate mitigation countermeasures in both operational systems and systems undergoing development.
- Review and asses system changes for security implications and impact to existing operations.
- Provide technical recommendations and guidance for corrective actions resulting from security audits and vulnerability assessments.
- Develop standard operating procedures to document routine work processes.
This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/GetJob/ViewDetails/584464900. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.