Security Operations Compliance Manager

Peraton
remote work
United States, Virginia, Sterling
Apr 03, 2025

Job Locations

US-VA-Sterling | US-DC-Washington


Requisition ID
2025-155873

Position Category
Cyber Security

Clearance
Secret



Responsibilities

Peraton is seeking a Security Operations Compliance Manager ("Compliance Manager") to join our team of qualified and diverse individuals. The Compliance Manager will be part of the Department of State (DOS) Bureau of Consular Affairs Enterprise Infrastructure Operations (CAEIO) Program. CAEIO provides IT Operations and Maintenance to modernize the legacy networks, applications, and databases supporting CA services globally.

CAEIO's Security Operations team performs Information Assurance (IA) and compliance support services to maintain CA production systems and improve cyber hygiene and security across various applications, platforms, and operating systems. Specific activities include:

  • Supporting the A&A process (another contractor coordinates and manages the A&A process).
  • Developing and implementing remediations to POA&M findings, reporting POA&M status, and maintaining acceptable POA&M grades.
  • Identifying, remediating, tracking, managing, and validating findings from other sources outside of the A&A process.
  • Maintaining standard configurations in compliance with DOS security standards.
  • Advising CAEIO teams and government stakeholders on how to manage and/or mitigate vulnerabilities and exposures discovered in the environment.
  • Complying with the Security Impact Assessment (SIA) process.

The Compliance Manager will own the remediation process - from identifying risks and vulnerabilities to tracking and reporting remediation efforts, to closing risks and vulnerabilities. The Compliance Manager "speaks" cybersecurity with colleagues, customers, and other stakeholders and manages the monitoring and reporting function.

Primary Responsibilities

  • Coordinate IA activities, including responses to security findings, within the IA team and across program teams (IA, Infrastructure, Engineering, and Applications).
  • Provide recommendations to application teams regarding vulnerability and risk analysis within the cybersecurity industry, including current and emerging technologies and methodologies (including cloud security models).
  • Develop comprehensive, executive-level dashboards that provide essential project information, such as risks, issues, impediments, and projected completion dates.
  • Develop and maintain the Plan of Actions and Milestones (POA&M), Acceptance of Risk (AOR) and other required security documentation processes and procedures.
  • Review existing governance, risk, and cybersecurity documentation for compliance with the Risk Management Framework (NIST SP 800-53 Rev 4 and NIST SP 800-37) and Security and Privacy Controls.
  • Identify process improvement opportunities; develop and execute process improvement plans.
  • Communicate technical findings to both technical and non-technical audiences, including project managers, systems engineers, developers, enterprise architects and senior management.

Core Work Schedule: 1st Shift, 7:00 am - 4:00 pm - Monday through Friday

Work Location: This position is hybrid with remote work and up to one day per week in the office in Sterling, VA or Washington, DC.



Qualifications

Required Qualifications

  • U.S. citizenship and an active SECRET Government Security Clearance with the ability to obtain TOP SECRET.
  • 8+ years of related Compliance, Information Assurance, and data privacy experience in a Security Operations Center - primarily in a government environment, dealing with business critical, high availability systems.
  • 8+ years of information security governance, audit, risk management, or related client service or consulting experience.
  • Knowledge of the NIST Risk Management Framework (RMF) and the 800-53 Rev. 4 control list.
  • Experience with Federal Information Security Management Act (FISMA), DOD STIG compliance, and Federal Risk & Authorization Management Program (FedRAMP).
  • Experience with enterprise scanning tools such as Nexpose, Tanium, and Nessus.
  • Experience using tracking and reporting tools, such as Confluence, ServiceNow, and SharePoint.

Team members who thrive on the CAEIO program:

  • Demonstrate flexibility by managing multiple tasks and reprioritizing tasks - often to meet tight and periodically changing deadlines.
  • Drive projects to completion in a fast-paced environment.
  • Leverage strong written and verbal communications skills to prepare and present technical documentation to audiences with different levels of technical knowledge.
  • Transition seamlessly between being self-directed with limited supervision to being a team player who takes direction from others.

Desired Qualifications

  • Security+ CE or other 8570 IAT Level II Certification.
  • Linux, CISSP, Azure, or other certifications relevant to the position.
  • Experience with Azure Sentinel.
  • 2+ years Red Hat Linux & Oracle Linux experience in an enterprise environment.
  • 2+ years Windows experience in an enterprise environment.
  • 2+ years of Cloud environment experience.
  • Working knowledge of OEL & RHEL systems, including basic knowledge of both operating systems sufficient to navigate to servers and provide artifacts for POA&M validation.
  • Certified Splunk Power User or higher.
  • 4+ years querying and manipulating data, with at least 2+ years of experience with SPL and knowledge of data types, conditions, and regular expressions.
  • Experience with DevSecOps concepts, tools, and automation skills.
  • Familiarity with industry standard host-based security systems (HBSS) and Assured Compliance Assessment Solutions (ACAS).
  • Knowledge of various network vulnerability scanning platforms such as Nessus; A&A processes and authorization boundaries; IT security best practices; and system administration, networking, and operating system hardening techniques.

Education and Experience Requirements: High school diploma (or equivalent) and 16 years of experience; Associate degree and 14 years of experience; Minimum of 12 years with BS/BA; Minimum of 10 years with MS/MA; Minimum of 7 years with Ph.D.



Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.



Target Salary Range

$135,000 - $216,000. This represents the typical salary range for this position based on experience and other factors.


EEO

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.