A client is looking for a Cybersecurity Engineer to sit out of their Arlington, Virginia office.
Responsibilities:
- Develop reference architectures that can be used to solve common requirements or mitigate trends in security findings in a repeatable way following (and identifying) recommended best practices.
- Lead threat modeling and partner with technical delivery teams to integrate security requirements and practices into solutions.
- Drive security architecture reviews of platforms & applications in complex multi-tenant, multi-provider, and vendor-cloud environments.
- Deliver strategic roadmaps: research and investigate new, effective ways of delivering security as code and automation into the existing security architecture assessments and processes, and other service delivery optimizations.
- Ensure assessments are known, documented, and properly performed to produce consistent, timely, high-quality deliverables. Develop and maintain technical proficiency and related certifications for core products and solution areas.
- Experience designing and implementing security solutions for cloud-based systems, including IAM, network security, data protection, DevSecOps and compliance preferred.
- Experience in a role that has designed and implemented NIST 800-53, FISMA and FedRAMP Moderate/High controls is required.
- Strong understanding of cloud security best practices, controls, policies, encryption, authentication, authorization, and audit capabilities.
Key Qualifications include:
- Bachelor's degree or equivalent experience in business, computer science, or management information systems
- 10+ years of professional experience solving business problems with technology solutions at an energy facility or related industry
- Preferred industry-recognized experience in security (e.g., CISSP, CCSK, CISA, CISM, CEH)
- Minimum of 5 years of experience in IT security risk assessments and related frameworks (e.g., NIST 800 series, ISO 27000 series, IT General Controls)
- Knowledge of Identity and Access Management (IAM), Cryptography / Key Management, Access Controls and Security Protocols, secrets modernization, and secrets management (e.g., multi-factor, SAML, OAuth, OIDC)