Description:This position is for an Information Security professional working for Lockheed Martin's (LM) Enterprise IT organization in the Enterprise Operations Information Security Office (EO ISO).
Duties of this position will be varied, but may include:
- Security Engineering: Defining security requirements, designing secure solutions for both cloud and on-premise IT implementations, developing and executing test cases and providing general cyber security support in accordance with policies, procedures, standards and best practices.
- Designing and validating security standards, policies and solutions that align with the dynamic and agile nature of today's IT.
- Documenting and communicating the security standards, policies and solutions to allow for quicker and easier adoption.
- Driving the use and implementation of automation as a first approach solution
- Providing technical guidance for architecture decisions involving Cloud security and other modern technologies
- Reviewing and assessing risks and policy compliance exceptions associated with IT environments
- Evaluating firewall change requests considering the risk impact of the request
- Assisting with tracking of non-core IT assets for security compliance
- Assisting with IT asset assessments and compliance exception actions related to Cyber DFARS compliance
- Assisting with remediation actions resulting from vulnerability scans for operating systems, databases and web applications
- Reviewing and approving security categorization forms (initial risk assessment) of IT environments
- Performing other tasks and special projects as assigned by the EO ISO.
This is a dynamic, fast-paced environment where quick ramp-up and the ability to effectively manage multiple priorities is critical to success. The ability to work effectively in a virtual team will enable success for the individual in this role as well as the team.
- Wide range of knowledge across IT disciplines including software, hardware, network engineering.
- Experienced in Information Assurance and security engineering principles involving application security, security testing, communications / network security, computer security and other areas of Information Assurance.
- Proven ability to interpret security and information protection policies into executable requirements.
- Experience performing security risk assessments.
- Experience performing threat analysis and threat modeling, implementing mitigating solutions and driving technical risk management decisions in support of business requirements
- Proven successful experience interacting with internal customers and project co-workers.
- Proven successful experience interacting with external vendors / suppliers / partners.
- Effective written and oral communication skills.
- Experience following standardized engineering life-cycle processes and tailoring processes when appropriate.
- Ability to obtain, at a minimum, a secret level clearance
- Recognized security certification (CISSP, CEH or others)
- Recognized cloud certification (CSSP, AWS CSA, CompTIA Cloud+, CCSK or others)
- Knowledge of LM Corporate security policies
- Prior experience with secure software development, integration and testing including vulnerability remediation
- Understanding of cloud computing design and security principles, preferably AWS
- Knowledge of common DevOps tools such as Chef, Puppet, Jenkins, Git
- Demonstrated experience utilizing agile frameworks for project lifecycle
- Proven ability to independently identify and problem solve issues with minimal direction from leadership
- Demonstrated understanding / proficiency in application containerization, APIs, web services
- Strong knowledge of data center processes including cloud environment architecture and infrastructure
Job ID: 466563BR