Cloud Solutions Architect

Overview

At Bcore, our strength comes from how we deliver impact to the mission. Whether it’s architecting critical IT solutions, producing actionable intelligence, or developing cutting edge technology, we succeed because of the expertise, collaboration, and agility of our teams. Our Mission Services division combines enterprise IT, cloud solutions, DevSecOps, systems engineering, software development, and operational support. Our goal is not to simply support efforts, but to ignite a technology revolution, bridging the growing technology gap between the Government and commercial space. 

Do you want to join a team that is building tailored technical solutions to modernize our government’s mission and our client’s business?  Do you have a desire to change how people work?  Are you interested in helping to protect our nation’s cyber interests? Join our growing team supporting customer missions as a Cloud Solutions Architect in Herndon, Virginia.

Responsibilities

Overview

The Sponsor manages security assessment, security compliance, change management, and continuous monitoring responsibilities across 5 cloud service providers (Amazon Web Services, Google Cloud, Oracle Cloud, Microsoft Azure, and IBM Cloud). The work requires a healthy mix of technical and policy knowledge. The Sponsor requires support in understanding and implementing standards like ICD 503, NIST Risk Management Framework, and cloud technologies. The Sponsor needs polished skills in information system security engineering, and security control assessment. The work will be driven by the Sponsors needs and priorities.

Team Responsibilities

•  The Team shall manage security assessment, security compliance, change management, and continuous monitoring activities across 5 cloud service providers (Amazon Web Services, Google Cloud, Oracle Cloud, Microsoft Azure, and IBM Cloud) through the Sponsor's office.
•  The Team shall assess cloud security technologies for security gaps and weaknesses according to industry standards.

• The Team shall analyze security scan findings and perform risk analysis on security scan findings.

• The Team shall review cloud security body of evidence packages for completeness and accuracy.

• The Team shall collaborate with other internal components and security peers to determine security and potential weaknesses of cloud infrastructure and cloud services.

• The Team shall advise Sponsor leadership on cloud security services.

• The Team shall analyze system alerts to determine if a security weakness exists and document risk mitigation procedures.

• The Team shall sustain and evolve the Sponsor's standard operating procedures to meet Program Objectives.

• The Team shall facilitate technical exchange meetings (TEMs) with cloud service providers to review cloud service architectures.

Qualifications

Required Qualifications:   

• Demonstrated experience facilitating TEMs with cloud service providers to review cloud service architectures
• Demonstrated experience maintaining assessment and authorization (A&A) packages across multiple services or systems in accordance with FIPS-199, NIST 800-53, and CNSS 1253 requirements.
• Demonstrated experience designing, implementing, assessing or reviewing systems that utilize cloud technology with either Amazon Web Services, Oracle Cloud, Google Cloud, IBM Cloud, or Microsoft Azure cloud architecture.
• Demonstrated experience utilizing or reviewing cross domain technology and common architecture designs.
• Demonstrated experience consulting project teams on system architecture and security posture. Demonstrated experience with continuous monitoring requirements to include scan analysis for critical or high findings with common scan tools such as Rapid 7, Nessus, and Qualys.
• Demonstrated experience creating, monitoring, or closing system or service Plans Actions and Milestone items (POA&Ms).
• Demonstrated experience utilizing compliance tools to track assessment and authorization activities such as Xacta 360, Risk Vision, RSA Archer.
• Demonstrated experience with the common control provider concept within the NIST Risk Management Framework.
• Demonstrated experience with security control assessments to include working with SCAs and preparing security packages for SCAs.
• Demonstrated experience conducting information system security engineering activities.

Desired Qualifications

• Demonstrated experience using the Sponsors or IC element A&A process.
• Demonstrated experience creating or reviewing A&A body of evidence documentation in a cloud security environment.
• Demonstrated experience identifying, implementing, or reviewing appropriate information security controls.
• Demonstrated experience working in Xacta 36().

What you can expect from us

BCore is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation or any other characteristic protected by law.