Senior Security Engineer Subject Matter Expert (SME)

Job Description

Job Description

Senior Security Engineer Subject Matter Expert (SME)

This position is on-site when required, otherwise remote. Based in Maryland, you will report directly to the Department of Human Services’ (DHS) Office of Technology for Human Services leadership.

Candidates chosen for an interview will meet the Education, General Experience and Specialized Experience requirements provided below.

Likelihood of at least one on-site interview located in downtown Baltimore, MD.

Work Location : On-site when required in Maryland and Hybrid remote (21-4.6)

Responsibilities / Duties :

• Manage Legacy and Cloud solutions to security strategy, governance and compliance, infrastructure hosting and business processes, requirements gathering, project management, security audits, policies and managing multi-agency relationships.
• Create strategic vision, governance and compliance by providing technical input and documentation support in NIST, FISMA and RMA security policies and procedures to generate Authority to Operate (ATO) for AWS platform, data and applications.
• Manage security controls to provide best practices in encryption of PII and FTI data at rest and in transit to support legislative, IRS and other Federal audits.

Provide application development security support including SSL Certificates, vulnerability scanning, penetration testing, database / disk encryption and application scripting security sing Privileged Access Management (PAM).

User of firewalls, IPS, VPN and MFA (multi-factor authentication).

• Authorize and manage hosting vendors relating to program objectives, change management, incident management, root cause analysis and consultant hiring.
• Assist in the design, documentation, and implementation of Security tools chosen by OTHS / DHS senior management.
• Motivate and lead cross-functional teams and manage stakeholder groups at various levels of the organization to build trust and forge critical consensus.
• Meets legal, regulatory, and policy mandates.

Education :

• Bachelor’s degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline with a preference in information technology.
• Master’s degree is preferred.
• Industry certifications, such as CISSP, CISA, CAP, Security+ are preferred.

General Experience / Skills :

• Must have 15 years of experience in the IT field.
• Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
• Strong business and technical background in Fortune 500 and / or business consulting experience.
• Deep understanding of cybersecurity and the relationship between threat, vulnerability and information value in the context of risk management.
• Strong proficiency with common cybersecurity management frameworks, regulatory requirements, and industry leading practices.
• Ability to handle stress and work well under pressure.
• Critical thinking and listening skills.
• Ability to multi-task.
• Exceptional interpersonal skills with the ability to collaborate well across teams and organizations.
• Leadership experience desired.
• Proven ability to deliver on-time with the highest quality.

Specialized Experience :

• At least 5 years of IT Security related experience.
• At least 2 years of experience in Cloud Security (preferably AWS).
• At least 5 years’ experience in many of the following areas :
• Security architect / design, planning and deployment.
• Vulnerability management.
• VPS, IPS, URL / content filtering, email security, encryption, SIEM, WAF.
• Windows, Linux OS.
• Server hardening / security baseline standards.
• PKI / certificate management.
• Security Operations and Incident Response.
• NIST, FISMA and RMA security policies and procedures.
• Identity and Access Management (MFA, SSO).
• Software development and secure development.
• Threat modelling.
• Team leadership and management.
• Security audit and compliance.
• Project / program management.

Applicants must be authorized to work in the U.S.

Salary negotiated commensurate with experience.

Benefits available for W2 employees :

• 401K
• Medical
• Vision
• Dental
• AD&D (Basic Term Life)
• Voluntary AD&D
• Floating Holidays

MORE ABOUT 4A

4A Consulting, LLC is one of the fastest growing solutions delivery companies in Maryland, delivering on end-to-end Enterprise-wide information technology (IT) initiatives.

4A has extensive experience delivering superb IT consulting and support services to federal, state, and local agencies, including the Centers for Medicare and Medicaid Services, the Social Security Administration, Food & Drug Administration, and the State of Maryland.

We cultivate a well-trained, technically savvy workforce through the acquisition of talent with specialized skills in program and technical management, cloud-based systems development & deployment, SAFe / Agile processes, and advanced integration technologies.

4A Consulting, LLC is proud to be an Equal Opportunity Employer

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, or any other characteristic protected by law.

4A is a certified Small Business Administration (SBA) Women-owned Small Business (WOSB) / Economically Disadvantaged Women-owned Small Business (EDWOSB), Maryland Department of Transportation Minority and Disadvantaged Small Business Enterprise (MBE / DBE), Minority Business Enterprise (National Minority Supplier Development Council), and Howard County (MD) Minority Business Enterprise IT firm.

Your Right to Work In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.