Job Description

Fusion Innovation's recent growth has earned us a top spot in the Inc 5000 Fastest Growing Private Companies in America and in Washington Business Journal's Best Places to Work multiple years in a row. Our team members are passionate about their work and are empowered to contribute their unique skills and perspectives to our projects. Here at Fusion, we put people first. When you join us, you don't just join a company, you join a family. If you are ready to be part of a fun and engaging team where your innovative ideas are heard, supported, and make ever lasting mission impacts for our Nation's most sensitive programs, you have come to the right place.

Position Overview

We are currently seeking a strong Cyber Security Engineer (CSE) or Information Security Systems Engineer (ISSE) to assist in establishing, coordinating, and maintaining our cloud service provider (CSP) cyber security posture and perform risk analysis within cloud security organization. The organization manages security assessments, security compliance, change management, and continuous monitoring responsibilities across 5 cloud service providers (Amazon Web Services, Google Cloud, Oracle Cloud, Microsoft Azure, and IBM Cloud) The position requires a healthy mix of technical and policy knowledge. Candidate shall understand and have experience implementing services to intelligence community standards like ICD 503, NIST Risk Management Framework and cloud technologies.

Responsibilities include, but are not limited to the following:

• Lead technical exchange meetings with cloud service provider to review cloud service architecture
• Evaluate data flow and architecture diagrams of cloud services for compliance with security standards.
• Assist with reviewing, maintaining, and ensuring all Assessment and Authorization (A&A) documentation, including Customer's security plans, are complete, of high quality, and ready for authorization.
• Assist with developing risk mitigation strategies, solutions, and recommendations through conducting and/or participating in holistic information security testing assessments.
• Perform and provide the risk tradeoff analysis that weighs competing equities of cyber security compliance, cost, and mission needs.
• Assist with developing, documenting, and assessing measures and metrics as they pertain to information security assessments and risk acceptance.
• Provide guidance and recommendations concerning all aspects of the Commercial Cloud Enterprise (C2E) A&A, the functions of sub-processes, and the impact of changes when required.
• Review Plan of Actions and Milestones (POA&Ms) to ensure programs are making progress in mitigation risk to system

Required Skills

• Active Top Secret/SCI with Polygraph.
• A degree (or equivalent experience) in Computer Science, Information Systems, Engineering, Business, or a scientific or technical discipline.
• Multiple years' relevant experience (minimum 5 years, 10+ years is strongly desired) in cyber security with a passion to learn in a fast-paced environment
• The ability to analyze systems, including forensically, for malware, misuse, and/or unauthorized activity.
• Knowledge of investigation and analysis of all data sources, which may include Internet, Intelligence Community reporting, security events, firewall logs, forensic hard-drive images, and other data sources to identify malware, misuse, unauthorized activity or other cyber security related concerns.
• Knowledge of computing design concepts and implementation.
• Knowledge of network defense monitoring tools and systems
• Self-starter mentality
• Familiar with Amazon Web Services, Oracle Cloud, Google Cloud, IBM Cloud and Microsoft Azure cloud architecture or willingness to study independently to pick up expertise in one or many cloud vendors
• Strong communication skills are required to engage with internal stakeholders and external stakeholders across intelligence community.
• Ability to conduct TEMs with cloud service providers on cyber security topics.
• Knowledge and experience of intelligence community security policies; relevant federal and private standards and requirements (e.g., ICD 503, CNSSI 1253, NIST SP 800-53)
• Experience working with a federal information security program and collaborating with security control assessors (SCAs).
• Ability to understand and convey threats and impact of threats related to the results of a security assessment.
• Familiar with continuous monitoring requirements to include scan analysis for critical or high findings with common scan tools (e.g., Rapid 7, Nessus, Qualys).
• Experience with creating, monitoring, and closing system or service Plans Actions and Milestone items (POA&Ms).
• Experience with utilizing compliance tools to track assessment and authorization activities (e.g. Xacta 360, Risk Vision, RSA Archer).
• Knowledge of common control provider concept within NIST Risk Management Framework.

Desired Skills

• Ability to provide technical cyber security guidance
• Ability to convey technical information to non-technical individuals
• Ability to create complex system designs, resolve engineering problems, and propose preventative strategies
• Ability to work in a dynamic and challenging environment

Please note that all applicants must be U.S. citizens and require additional screening from our clients.

Fusion Innovation LLC is an Equal Opportunity/Affirmative Action Employer.