Description

Project Overview:

DC Department of Health Care Finance, District of Columbia Access System (DCAS) is seeking a qualified and experienced Security Cloud Engineer to enhance and manage the organization's cybersecurity posture. The selected candidate will play a crucial role in safeguarding sensitive data,\ ensuring compliance with regulations, and strengthening the agency's overall security framework on a contract basis. The Cybersecurity Cloud Engineer will be responsible for assessing, implementing, and maintaining the security measures necessary to protect the organization's digital assets and information.

Scope of Work:

The Security Cloud Engineer will support the District of Columbia Access System (DCAS) under the Technical Program manager to identify security vulnerabilities, design, and implement security solutions, monitor security systems, and respond to security incidents impacting DHCF on-premises and cloud hosted resources. The contractor shall provide subject matter expertise in the design, development and implementation of security best practices which includes, but is not limited to, network security, application security, access control, and security policy development.

Responsibilities:

·In-depth knowledge of cloud security best practices, principles, and technologies, including IAM, encryption, network security, container security, and serverless security.

·Hands-on experience with cloud security tools and services such as AWS Security Hub, AWS native security services, cloudtrail, guard duty, security groups, cloudwatch.

·Review the design and implement secure AWS cloud architecture solutions, including VPC configurations, security groups, IAM policies, encryption mechanisms, and logging and monitoring for the AWS cloud environment.

·Conduct vulnerability assessments and penetration testing on AWS infrastructure and applications. Develop and implement remediation plans to address security vulnerabilities and weaknesses.

·Strong understanding of security compliance requirements and frameworks (e.g., GDPR,HIPAA, SOC 2, ISO 27001) and experience implementing controls and measures to achieve compliance. 

proficiency in scripting and automation for security automation and orchestration.

· Excellent analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions.

· Provide security training and guidance to AWS users, developers, and administrators to promote a culture of security awareness and compliance within the organization.

---------------------------------------------
CONTRACT JOB DESCRIPTION
Responsibilities:
1. Expertise in implementing, administrating and operating information security technologies such as firewalls, IDS/IPS, SIEM, Antivirus, network traffic analyzers and malware analysis tools.
2. Utilizes advanced experience with scripting and tool automation such as Perl, PowerShell, Regex.
3. Develops, leads, and executes information security incident response plans.
4. Develops standard and complex IT solutions & services, driven by business requirements and industry standards.
5. May also leverage dynamic and static code assessment tools to measure vulnerability of applications throughout the SDLC.

Minimum Education/Certification Requirements:
BS Degree in IT, Computer Science, or Engineering, or equivalent experience
Masters Degree in Engineering or Computer Science is HIGHLY PREFERRED

This position is housed under the Department of Health Care Finance in direct support of the DC Access System (DCAS).

Requirements

• Minimum of 15 years of experience working in the field of Cloud cybersecurity--Required 15 Years
• Knowledge of federal and industry-specific regulations and compliance requirements related to cybersecurity (e.g., FISMA, HIPAA, GDPR)--Required 5 Years
• Experience in preparing for and participating in security audits and assessments for Cloud environments--Required 5 Years
• Expertise in AWS network security, including AWS firewalls--Required 10 Years
• Proficiency in security technologies such as SIEM (Security Information and Event Management) systems and endpoint protection solutions for AWS--Required 5 Years
• Demonstrated ability to develop and implement security policies, procedures, and standards--Required 10 Years
• Strong understanding of AWS cloud security principles and best practices--Required 10 Years
• 16 yrs. developing, leading, and executing information security incident response plans--Required 16 Years
• 16 yrs. developing standard and complex IT solutions & services, driven by business requirements and industry standards--Required 16 Years
• BS Degree in IT, Cybersecurity, Engineering, or equivalent experience--Required