Senior Cloud Security Administrator

Job ID: 2402912

Location: UPPER MARLBORO, MD, US

Date Posted: 2024-04-16

Category: Information Technology

Subcategory: Cloud Comp Engr

Schedule: Full-time

Shift: Day Job

Travel: Yes, 10 % of the Time

Minimum Clearance Required: None

Clearance Level Must Be Able to Obtain: Public Trust

Potential for Remote Work: No

Description

SAIC is seeking a highly motivated Senior Cloud Security Administrator to join our expanding, multi-disciplined team of professionals at our Identity and Data Sciences Laboratory (IDSL), headquartered in Upper Marlboro, MD. The selected candidate will play a critical role in ensuring the security and availability of our cloud-based systems. This position is dedicated to safeguarding our cloud-based infrastructure through proactive measures including: enforcement of role-based access controls, performing CVE scans and applying remediations, managing VPC configurations, ensuring data encryption standards are met, and performing system lifecycle management activities.

The IDSL team operates several physical and cloud-based environments, including systems hosted on customer networks, which enable scalable data collection, storage, and analytics. These next generation, high availability, scalable environments are leveraged by members of the IDSL team in the evaluation of emerging hardware and software technologies designed to improve the efficiency, effectiveness, and satisfaction of biometric and identity systems used by our customers.

The candidate will join a collaborative team composed of scientists, engineers, and subject matter experts. The successful candidate will enjoy working in a hands-on results-oriented environment with work primarily performed onsite at MdTF with additional opportunities to support field tests and pilots.

This is a hybrid work location position which can support up to a 60/40 ratio of onsite and remote work.

Key responsibilities:

• Overall:
  • Collaborate with the team to build, deploy, and manage instances of FedRamp compliant cloud-based infrastructure and services in AWS GovCloud environments.
• Cloud Security:
  • Maintain system security strategies, policies, and procedures in support of Approval to Operate (ATO) certifications and the Confidentiality, Integrity and Availability (CIA) triad.
  • Conduct regular CVE (Common Vulnerabilities and Exposures) scans and assessments to identify and mitigate vulnerabilities in our cloud-based resources.
  • Monitor system logs, investigate, and respond to security questions.
• Cloud Network Configuration:
  • Configure and maintain Virtual Private Cloud (VPC) configurations to ensure network isolation, security, and performance.
  • Implement and manage network access controls, security groups, and IP lists.
• User Management and Access Control:
  • Manage user identities and role-based access control in AWS through IAM (Identity and Access Management) policies.
  • Develop and maintain role-based access control strategies to enforce the principle of least privilege (PoLP) and ensure only authorized personnel have access to resources.
• Data Security:
  • Implement data security strategies for data at rest and in transit to prevent data spills and ensure compliance with data privacy regulations.
  • Configure data lifecycle policies to comply with data retention requirements.
  • Perform high-level, day-to-day operational administration of complex multi-user cloud-based computing systems including user management, authentication, audits, patches, and upgrades.
  • Coordinate, schedule and perform software installations and security updates for cloud-based systems, layered software packages, and databases.
  • Test, evaluate, and recommend next generation software applications and virtualized services for suitability of deployment on secured cloud systems.
  • Develop, implement, and promulgate standard operating procedures and schedules.
  • Train other team members in the day-to-day operational support duties related to cloud infrastructure administration and management.

Qualifications

Required Qualifications:

• Bachelors in a relative technical discipline and five (5) years or more experience; Masters and three (3) years or more experience; PhD and 0 years related experience. Additional experience will be considered in lieu of a degree.
• Experience with AWS Cloud services including IAM, VPC, EC2, S3, and CloudWatch.
• Experience performing CVE scans and managing system updates.
• In-depth knowledge and understanding of Linux server administration and user management including use of the command line interface.
• Prior experience with government ATO processes, procedures, and security best practices including multi-factor authentication.
• Fully understands and complies with FedRamp and FISMA requirements and procedures for cloud computing.
• Willing to iterate and adapt system support requirements to changing requirements and conditions.
• Strong writing skills and the ability to clearly articulate and document technical plans, findings, and recommendations.

Desired Qualifications:

• AWS, Azure, and/S certification.
• Hands-on experience administering and maintaining hybrid cloud architectures in configuration controlled environments.
• Demonstrated experience making administrative decisions based on information assurance standards, scalability, extensibility, supportability, and sustainability.
• Experience with internet routing protocols and concepts: TCP/IP, BGP, MPLS, ISIS and/or OSPF.
• Experience with administration and configuration of multiple concurrent cloud environments.
• Experience with secrets management, data encryption, and data lifecycle policies.

SAIC accepts applications on an ongoing basis and there is no deadline.

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.