Position Summary:
This position is located in the Office of Information Technology (OIT, RAD-20), Office of the Associate Administrator for Administration, Federal Railroad Administration (FRA). The incumbent’s supervisor is the IT Development & Security Branch Leader.
Key Responsibilities:
- Assist with the integration of Security and Privacy requirements in the CI/CD pipeline by following DevSecOps principles.
- Integrate Security and Privacy requirements into all FRA applications hosted in the cloud and develop a cloud security architecture for FRA.
- Lead and monitor the implementation of a risk-based Continuous Monitoring program for FRA systems.
- Serve as a senior cyber security technical advisor who is responsible for the planning, implementation and execution of the enterprise cyber security and privacy requirements and senior cyber security engineer to ensure the NIST Risk Management Framework
- Perform a variety of cyber security and privacy tasks for FRA systems hosted on-prem and in the cloud in accordance with Federal Security and Privacy requirements. Interpret security policies, laws, and requirements and help to implement them by providing recommendations and guidance.
Required Education & Experience:
- Experience with domain structures, network protocols, user authentication methods, digital signatures, security best practices, network security devices such as network and application layer firewalls, data loss prevention techniques, network intrusion detection and prevention systems, and security vulnerability scanning tools.
- Experience with designing and orchestrating security architecture for the deployment of systems in the cloud using different cloud deployment models, including the design and implementation of security in each OSI layer and designing Zero-trust systems.
- Experience in developing, implementing and interpreting metrics for the evaluation of IT security program effectiveness and efficiency.
- Experience performing Security Authorization using the NIST Risk Management Framework and security vulnerability remediation throughout the system lifecycle.
- Experience in developing, defining, managing and documenting IT security projects.