At VivSoft, we aim to solve complex federal problems using emerging and open technologies in a collaborative and rewarding environment. VivSoft is a diverse team of strategists, engineers, designers, and creators experienced in building high performance effective softwares, with impactful organizational design and organizational dynamics for software delivery. We build secure Software Factories based on DoD reference designs and NIST Frameworks for Cloud and DevSecOps. These factories deliver AI/ML Applications, Data Science Platforms, Blockchain and Microservices for DoD, Healthcare and Civilian Agencies.
Job Summary
Cloud-Based Command and Control (CBC2) will provide decision superiority for the DAF, DoD, and Coalition partners by revolutionizing Tactical C2. CBC2 will rapidly and radically improve kill chain worflows for Tactical C2 operators as defined in the Capability Needs Statements (CNS) by focusing on an integrated working system with continuous delivery to warfighters.
About the role:
- Design, test, and implement secure operating systems, networks, and IT security systems within the AWS cloud environment.
- Conduct risk and vulnerability assessments at the network, system, and application levels within the AWS ecosystem.
- Perform threat modeling exercises to identify potential security threats and vulnerabilities specific to AWS.
- Develop and implement security controls and operational risk mitigations within the AWS cloud.
- Assist in security awareness programs with a focus on AWS best practices and provide guidance to enhance organizational security posture within the cloud.
- Research, evaluate, and recommend new security tools, techniques, and technologies, emphasizing AWS-native solutions.
- Introduce new security tools to the enterprise in alignment with IT security strategy, with consideration for AWS compatibility.
- Utilize COTS/GOTS and custom tools and processes/procedures for vulnerability identification, containment, mitigation, and remediation within AWS.
- Support the implementation of government policies such as NISPOM, DCID 6/3, and recommend process tailoring for AWS environments.
- Validate established security requirements and recommend additional security requirements and safeguards within AWS.
- Support formal Security Test and Evaluation (ST&E) processes required by government accrediting authorities for AWS-based systems.
- Conduct reviews of system audits within AWS and monitor corrective actions until closure.
- Support the development, maintenance, and reporting of cyber metrics specific to AWS.
- Provide briefings to senior staff on cybersecurity matters related to AWS.
Skills / Qualifications:
- Bachelor’s degree in computer science, Information Technology, or a related field.
- Deep knowledge of RMF is mandatory.
- Must have strong experience in Incident Response (IR) plans and Security Impact Assessments (SIA).
- Proven experience in cloud cybersecurity, with a focus on designing and implementing secure systems within AWS.
- Strong understanding of risk and vulnerability assessment methodologies, especially within the AWS cloud.
- Experience with incident response, digital forensics, loss prevention, and eDiscovery within AWS.
- Knowledge of government security policies and regulations, such as NISPOM and DCID 6/3, as they apply to AWS environments.
- Familiarity with AWS security best practices, tools, and services.
- Ability to work with cross-functional teams and communicate effectively with senior staff.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or equivalent.
- Strong analytical and problem-solving skills.
- Preferred: experience in application security, prior developer experience, SD elements, Elk & Cabana (Elastic Search); familiarity with making dashboards using those programs, and trend micro deep security.
