Senior Automation Security Specialist
- Washington, DC
Senior Automation Security Specialist
1. Tool Integration and Automation:
- Architect and implement power automate workflows to streamline the RMF compliance process, ensuring a significant reduction in manual effort and increased accuracy.
- Seamlessly integrate and synchronize cybersecurity tools such as Splunk, Qumlos, Axonius, and Tenable with enterprise platforms like ServiceNow, SharePoint and MS Teams, establishing a unified and efficient cybersecurity environment.
- Design and maintain a robust data aggregation and normalization system, ensuring seamless compliance checks and insightful reporting.
2. Compliance Automation:
- Champion the automation of security data collection and analysis to ensure meticulous NIST RMF ATO compliance.
- Innovate and develop scripts and tools for regular and thorough security scans and assessments, proactively identifying vulnerabilities.
- Curate visual dashboards and comprehensive reports in Splunk and similar platforms to continuously monitor compliance status and highlight potential areas of concern.
3. Risk Assessment and Management:
- Utilize automated tools for comprehensive asset inventory management, ensuring a complete overview of organizational assets and identification of security gaps.
- Automate and enhance the risk assessment process by integrating diverse data sources and applying relevant NIST controls, streamlining the RMF documentation process.
4. Continuous Monitoring and Improvement:
- Develop and implement cutting-edge continuous monitoring strategies for prompt detection and response to security incidents.
- Foster a culture of continuous improvement by regularly reviewing and refining automation processes to adapt to the evolving cybersecurity landscape.
5. Training and Knowledge Transfer:
- Orchestrate the development and delivery of comprehensive training materials and sessions, empowering security controls assessors with the knowledge to effectively utilize automated tools and interpret results.
- Document automation processes meticulously and create user-friendly guides to ensure consistent application of tools and methodologies.
6. Quality Assurance and Performance Tracking:
- Embed rigorous quality control measures within automation processes, ensuring the integrity and reliability of data and compliance assessments.
- Formulate and track key metrics and KPIs to monitor the performance of automated processes and the overall efficacy of the cybersecurity auditing function.
7. Collaboration and Communication:
- Foster a collaborative environment with security control assessors, IT staff and stakeholders, integrating feedback into the automation process and ensuring alignment with organizational goals.
- Translate complex technical information into accessible language for non-technical audiences, effectively communicating the strategic benefits of automation.
8. Policy and Procedure Development:
- Contribute strategically to the development and updating of policies and procedures related to automation in cybersecurity auditing.
- Certify that all automated processes are compliant with DHS 4300a and other relevant standards and guidelines, ensuring organizational alignment and integrity.
- Measurable reduction in RMF compliance process time and errors.
- Enhanced accuracy and efficiency in risk assessment and cybersecurity monitoring.
- Strengthened team collaboration and knowledge sharing, evidenced by effective training outcomes and comprehensive documentation.
REQUIRED SKILL SETS/EDUCATION/CERTIFICATES:
- 8+ years of experience in technology, automation and cybersecurity
- Advanced proficiency in a subset of Splunk, Tenable (Nessus), Axonius, Qumlos, ServiceNow, SharePoint, MS Teams, Power Automate, Python.
CLEARANCE LEVEL: US Citizen with eligibility for DHS Entry on Duty (EOD) and Secret Clearance.
Tuesday, November 7, 2023