Senior Automation Security Specialist

JOB DUTIES:

1. Tool Integration and Automation:

• Architect and implement power automate workflows to streamline the RMF compliance process, ensuring a significant reduction in manual effort and increased accuracy.
• Seamlessly integrate and synchronize cybersecurity tools such as Splunk, Qumlos, Axonius, and Tenable with enterprise platforms like ServiceNow, SharePoint and MS Teams, establishing a unified and efficient cybersecurity environment.
• Design and maintain a robust data aggregation and normalization system, ensuring seamless compliance checks and insightful reporting.

2. Compliance Automation:

• Champion the automation of security data collection and analysis to ensure meticulous NIST RMF ATO compliance.
• Innovate and develop scripts and tools for regular and thorough security scans and assessments, proactively identifying vulnerabilities.
• Curate visual dashboards and comprehensive reports in Splunk and similar platforms to continuously monitor compliance status and highlight potential areas of concern.

3. Risk Assessment and Management:

• Utilize automated tools for comprehensive asset inventory management, ensuring a complete overview of organizational assets and identification of security gaps.
• Automate and enhance the risk assessment process by integrating diverse data sources and applying relevant NIST controls, streamlining the RMF documentation process.

4. Continuous Monitoring and Improvement:

• Develop and implement cutting-edge continuous monitoring strategies for prompt detection and response to security incidents.
• Foster a culture of continuous improvement by regularly reviewing and refining automation processes to adapt to the evolving cybersecurity landscape.

5. Training and Knowledge Transfer:

• Orchestrate the development and delivery of comprehensive training materials and sessions, empowering security controls assessors with the knowledge to effectively utilize automated tools and interpret results.
• Document automation processes meticulously and create user-friendly guides to ensure consistent application of tools and methodologies.

6. Quality Assurance and Performance Tracking:

• Embed rigorous quality control measures within automation processes, ensuring the integrity and reliability of data and compliance assessments.
• Formulate and track key metrics and KPIs to monitor the performance of automated processes and the overall efficacy of the cybersecurity auditing function.

7. Collaboration and Communication:

• Foster a collaborative environment with security control assessors, IT staff and stakeholders, integrating feedback into the automation process and ensuring alignment with organizational goals.
• Translate complex technical information into accessible language for non-technical audiences, effectively communicating the strategic benefits of automation.

8. Policy and Procedure Development:

• Contribute strategically to the development and updating of policies and procedures related to automation in cybersecurity auditing.
• Certify that all automated processes are compliant with DHS 4300a and other relevant standards and guidelines, ensuring organizational alignment and integrity.

PERFORMANCE METRICS:

• Measurable reduction in RMF compliance process time and errors.
• Enhanced accuracy and efficiency in risk assessment and cybersecurity monitoring.
• Strengthened team collaboration and knowledge sharing, evidenced by effective training outcomes and comprehensive documentation.

 

REQUIRED SKILL SETS/EDUCATION/CERTIFICATES:

 

• 8+ years of experience in technology, automation and cybersecurity
• Advanced proficiency in a subset of Splunk, Tenable (Nessus), Axonius, Qumlos, ServiceNow, SharePoint, MS Teams, Power Automate, Python.

 

CLEARANCE LEVEL: US Citizen with eligibility for DHS Entry on Duty (EOD) and Secret Clearance.

Posted On: Tuesday, November 7, 2023