Senior Automation Security Specialist

Overview

On Site
Hybrid
Depends on Experience
Contract - W2

Skills

technology
automation and cybersecurityAdvanced proficiency in a subset of Splunk
Tenable (Nessus)
Axonius
Qumlos
ServiceNow
SharePoint
MS Teams
Power Automate
Python.

Job Details

LOCATION:                           __Remote________________________________________

 

WORK SCHEDULE/HOURS: _ Core hours from 8 am to 4 pm EST (Flexible)- No travel required.

 

NEW POSITION/REPLACEMENT:___New Position ______________________

 

 

REQUIRED SKILL SETS/EDUCATION/CERTIFICATES:

 

  • 8+ years of experience in technology, automation and cybersecurity
  • Advanced proficiency in a subset of Splunk, Tenable (Nessus), Axonius, Qumlos, ServiceNow, SharePoint, MS Teams, Power Automate, Python.

 

CLEARANCE LEVEL:     with eligibility for DHS Entry on Duty (EOD) and Secret Clearance.

 

 

 

JOB DUTIES:

 

1.Tool Integration and Automation:

  • Architect and implement power automate workflows to streamline the RMF compliance process, ensuring a significant reduction in manual effort and increased accuracy.
  • Seamlessly integrate and synchronize cybersecurity tools such as Splunk, Qumlos, Axonius, and Tenable with enterprise platforms like ServiceNow, SharePoint and MS Teams, establishing a unified and efficient cybersecurity environment.
  • Design and maintain a robust data aggregation and normalization system, ensuring seamless compliance checks and insightful reporting.
  1. Compliance Automation:
  • Champion the automation of security data collection and analysis to ensure meticulous NIST RMF ATO compliance.
  • Innovate and develop scripts and tools for regular and thorough security scans and assessments, proactively identifying vulnerabilities.
  • Curate visual dashboards and comprehensive reports in Splunk and similar platforms to continuously monitor compliance status and highlight potential areas of concern.
  1. Risk Assessment and Management:
  • Utilize automated tools for comprehensive asset inventory management, ensuring a complete overview of organizational assets and identification of security gaps.
  • Automate and enhance the risk assessment process by integrating diverse data sources and applying relevant NIST controls, streamlining the RMF documentation process.
  1. Continuous Monitoring and Improvement:
  • Develop and implement cutting-edge continuous monitoring strategies for prompt detection and response to security incidents.
  • Foster a culture of continuous improvement by regularly reviewing and refining automation processes to adapt to the evolving cybersecurity landscape.
  1. Training and Knowledge Transfer:
  • Orchestrate the development and delivery of comprehensive training materials and sessions, empowering security controls assessors with the knowledge to effectively utilize automated tools and interpret results.
  • Document automation processes meticulously and create user-friendly guides to ensure consistent application of tools and methodologies.
  1. Quality Assurance and Performance Tracking:
  • Embed rigorous quality control measures within automation processes, ensuring the integrity and reliability of data and compliance assessments.
  • Formulate and track key metrics and KPIs to monitor the performance of automated processes and the overall efficacy of the cybersecurity auditing function.
  1. Collaboration and Communication:
  • Foster a collaborative environment with security control assessors, IT staff and stakeholders, integrating feedback into the automation process and ensuring alignment with organizational goals.
  • Translate complex technical information into accessible language for non-technical audiences, effectively communicating the strategic benefits of automation.
  1. Policy and Procedure Development:
  • Contribute strategically to the development and updating of policies and procedures related to automation in cybersecurity auditing.
  • Certify that all automated processes are compliant with DHS 4300a and other relevant standards and guidelines, ensuring organizational alignment and integrity.

PERFORMANCE METRICS:

  • Measurable reduction in RMF compliance process time and errors.
  • Enhanced accuracy and efficiency in risk assessment and cybersecurity monitoring.
  • Strengthened team collaboration and knowledge sharing, evidenced by effective training outcomes and comprehensive documentation.

 

LOCATION:                           __Remote_

 

WORK SCHEDULE/HOURS: _ Core hours from 8 am to 4 pm EST (Flexible)- No travel required.

 

NEW POSITION/REPLACEMENT:___New Position ______________________

 

REPLACEMENT FOR:         __New_____________________________________

JOB DUTIES:

 

1.Tool Integration and Automation:

  • Architect and implement power automate workflows to streamline the RMF compliance process, ensuring a significant reduction in manual effort and increased accuracy.
  • Seamlessly integrate and synchronize cybersecurity tools such as Splunk, Qumlos, Axonius, and Tenable with enterprise platforms like ServiceNow, SharePoint and MS Teams, establishing a unified and efficient cybersecurity environment.
  • Design and maintain a robust data aggregation and normalization system, ensuring seamless compliance checks and insightful reporting.
  1. Compliance Automation:
  • Champion the automation of security data collection and analysis to ensure meticulous NIST RMF ATO compliance.
  • Innovate and develop scripts and tools for regular and thorough security scans and assessments, proactively identifying vulnerabilities.
  • Curate visual dashboards and comprehensive reports in Splunk and similar platforms to continuously monitor compliance status and highlight potential areas of concern.
  1. Risk Assessment and Management:
  • Utilize automated tools for comprehensive asset inventory management, ensuring a complete overview of organizational assets and identification of security gaps.
  • Automate and enhance the risk assessment process by integrating diverse data sources and applying relevant NIST controls, streamlining the RMF documentation process.
  1. Continuous Monitoring and Improvement:
  • Develop and implement cutting-edge continuous monitoring strategies for prompt detection and response to security incidents.
  • Foster a culture of continuous improvement by regularly reviewing and refining automation processes to adapt to the evolving cybersecurity landscape.
  1. Training and Knowledge Transfer:
  • Orchestrate the development and delivery of comprehensive training materials and sessions, empowering security controls assessors with the knowledge to effectively utilize automated tools and interpret results.
  • Document automation processes meticulously and create user-friendly guides to ensure consistent application of tools and methodologies.
  1. Quality Assurance and Performance Tracking:
  • Embed rigorous quality control measures within automation processes, ensuring the integrity and reliability of data and compliance assessments.
  • Formulate and track key metrics and KPIs to monitor the performance of automated processes and the overall efficacy of the cybersecurity auditing function.
  1. Collaboration and Communication:
  • Foster a collaborative environment with security control assessors, IT staff and stakeholders, integrating feedback into the automation process and ensuring alignment with organizational goals.
  • Translate complex technical information into accessible language for non-technical audiences, effectively communicating the strategic benefits of automation.
  1. Policy and Procedure Development:
  • Contribute strategically to the development and updating of policies and procedures related to automation in cybersecurity auditing.
  • Certify that all automated processes are compliant with DHS 4300a and other relevant standards and guidelines, ensuring organizational alignment and integrity.

PERFORMANCE METRICS:

  • Measurable reduction in RMF compliance process time and errors.
  • Enhanced accuracy and efficiency in risk assessment and cybersecurity monitoring.
  • Strengthened team collaboration and knowledge sharing, evidenced by effective training outcomes and comprehensive documentation.