The Azure Security Engineer is responsible for applying current, hands-on knowledge of best practices in securing cloud and on-premises systems to design, document, and implement security controls on U.S. Department of State networks as we migrate systems and applications to the Microsoft Azure cloud. This position is responsible for cloud security strategy as well as developing and maintaining system-specific security documentation in order to obtain and maintain Authorization to Operate (ATO) status within the NIST Risk Management Framework (RMF).
The applicant should have substantial, demonstrated experienced in Microsoft Azure security controls on production systems, and have a strong knowledge of on-premises cybersecurity in a Windows computing and Cisco networking environment. Familiarity with the U.S. Department of State's IT standards is a plus. This position will be part of Tsymmetry's Cyber Security team supporting the global network of the Office of Aviation of the Bureau of International Narcotics and Law Enforcement of the U.S. Department of State (INL/A).
Job Responsibilities **MUST HAVE AZURE SECURITY EXPERIENCE**
- Design and develop security architectures, diagrams, processes, and procedures for migrating major applications from an on-premises environment to the cloud.
- Select, implement, and document appropriate security controls following the Risk Management Framework (RMF) to obtain and maintain Authorization to Operate (ATO) status for the network and its major applications.
- Design, develop, and implement security technologies to improve end-user mobility and productivity, such as wireless, remote access, multi-factor authentication, and mobile device management.
- Leverage new cloud security capabilities to improve security configuration monitoring and event reporting.
- Maintain all ATO documentation including System Security Plans, Risk Assessments, etc. Make sure all systems meet applicable Federal and U.S. Department of State standards and guidelines.
**MUST HAVE AZURE SECURITY EXPERIENCE**
- A Bachelor's degree in a relevant field, such as Information Technology, Cyber Security, or Information Assurance, and a minimum of five years of related experience.
- In lieu of the degree, 10 years of related experience is required.
- Strong technical writing and verbal communications skills in English, with keen attention to details.
- Ability to work well with others in a collaborative team environment.
- Relevant certifications such as Azure Security Engineer, Azure Solutions Architect, CISSP, CCSP, etc.
- At least two years of recent cloud experience in designing and implementing much of the following:
- Azure Security Center, Azure Sentinel, Azure Monitor, logging, vulnerability scanning.
- Azure Network Security Groups, Application Security Groups, VPN connectivity, Azure Firewall
- Multi-Factor Authentication, Cloud-based Identity and Access Management systems, Azure Active Directory, Azure AD Privileged Identity Management
- Security alerts, VM security, data security and encryption for files and databases, SSL/TLS certificates, Azure Key Vault
- Azure Polices and custom RBAC roles
- Assessment and Authorization experience with U.S. Government systems.
- Experience with implementing the Risk Management Framework process.
- Experience with writing cyber security risk assessments.
- Experience with automated scan tools, firewalls, Intrusion Prevention Systems, and VPNs.
- Experience with U.S. Department of State IT systems and standards (FAM/FAH).
- provided by Dice