• Assist in our security compliance programs, including ISO27001, ISO27701, PCI-DSS, SOC2 Type 2, and local regulations • Participate in internal security and privacy assessments, internal and external audits, compliance certifications, and risk management • Provide complete and accurate responses to internal and third-party enquiries on security compliance • Perform security compliance assessment activities, including periodic technical, organizational, and third-party risk and control assessments, and managing remediation activities to completion • Design and manage necessary control and framework required to comply with international standards and US local regulations • Identify and drive process improvements for streamlining global security compliance operations

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description Tier One Technologies is seeking a Sr. Cloud Security Engineer to support our direct US Government client. This contract-to-hire position is 100% remote. US citizenship is required. SELECTED CANDIDATES WITHOUT REQUIRED CLEARANCE WILL BE SUBJECT TO A FEDERAL GOVERNMENT BACKGROUND INVESTIGATION TO RECEIVE IT. - Responsible for the application security function and for information technology security (Cybersecurity/InfoSec) engineering, and design and serves as a technical expert authority. - Solve significant problems complicated by interfaces and inter-relationships between and among programs, systems, functions, applications, and numerous critical issues for agency-wide information technology solutions, operations, and maintenance supporting the security of agency infrastructure, systems, and information. - Manage and administer a wide range of security systems and tools: - Administer and operate cloud-based security tools such as Azure Security Center (Sentinel, Log Analytics, Azure WAF, Defender for Identity, Privileged Identity Manager); Microsoft 365 Security Suite (Defender, Advanced Threat Protection, Cloud Application Security, Protection Portal); Microsoft Security and Compliance Center; Microsoft Endpoint Manager (Intune); multi-factor authentication (MFA); web content filtering; and secure document sharing and collaboration solutions. - Responsible for primary or alternate management of all IT Security systems including patch management, upgrades, integration engineering, and reporting. - Manage security incident detection, response, remediation. - Conduct cyber threat and vulnerability analysis and remediation. - Develop security metrics and manage reporting and compliance. - Serve as Incident Response Team member. - Support operational implementation of FISMA/NIST standards and industry best practices. - Manage IT Security awareness training program in coordination with the Learning Management team, to include developing and delivering IT Security awareness training modules. - Manage Password Management system in coordination with Service Desk. - Respond to IT Security trouble tickets generated by customers and IT staff. Identify solutions, work with customers and the team to execute solutions, and manage ticket input, updates, and resolution in the company’s ticketing system to maintain service level agreements. - Support Security Operations and Engineering by providing technical solutions, support and expertise. - Identify security risks and recommend risk mitigation strategies. - Review new and existing systems to ensure baseline security requirements are met and to recommend security enhancements. - Develop security architecture and technical solutions for security products. - Develop and execute project plans to engineer, construct, deploy, and monitor/manage IT Security infrastructure solutions. - Demonstrate in-depth understanding of security requirements associated with cloud-hosted environments, services, and solutions. - Evaluate, recommend, and implement security controls associated with cloud-hosted environments, services, and solutions. Qualifications - Bachelor's Degree in Cybersecurity/Information Technology Security or related field of study from an accredited college or university. - Advanced degree in Cybersecurity or related field (desired). - 5+ years of specialized experience with hands-on skills in performing IT Application Security Assessments and specialized experience in Secure SDLC and Source Code Analysis (Manual & Tools) on Web-based Applications. - CERTIFICATIONS (One or more required): - Certified Secure Software Lifecycle Professional (CSSLP) - Certified Cloud Security Professional (CCSP) - Offensive Security Certified Professional (OSCP) - EC-Council Certified Application Security Engineer (CASE) - GIAC Certified Web Application Defender (GWEB) - Azure Developer Associate - Microsoft 365 Certified Security Administrator Associate - Microsoft Certified Azure Security Engineer Associate - Public Trust Investigation security clearance. - Hands-on experience with Static and Dynamic Application Security Testing using tools like HP Fortify, HP WebInspect, HCL Appscan, Snyk, Checkmarx, Synopsys, and Veracode. - Strong experience in Continuous Integration (CI) and Continuous Deployment (CD) practices. - Proficiency implementing FISMA, NIST, OMB guidelines, and other Federal regulations and guidance. - Experience interpreting and implementing FISMA/NIST requirements focused on the operational implementation and documentation of those requirements. - Proficiency in manual code review with the ability to identify potential vulnerabilities and best coding practices. - Expertise in application vulnerability and security assessments using various tools like Burp Suite Pro, OWASP Zap Proxy, DirBuster, Kali Linux, Metasploit Pro, Accunetix, Insight AppSec, GitLab, Coverity, Fortify, and GitHub Enterprise. - Working knowledge of security controls for cloud-hosted environments, applications, and services. - Prior experience in assessing application vulnerabilities and bugs in various applications. - Prior experience creating security testing pipelines and test plans. - Ability to implement and deploy an organization-wide Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities in development and production environments. - Extensive experience in preparing test Plans, writing test Cases, test Execution and follow up remediation efforts. - Familiarity with coding languages such as Java, .NET, Python, PHP, C++, C#. - Effective communication and collaboration skills to work with cross-functional teams, business units, stakeholders, and IT professionals, and brief executives. - Must be a US Citizen and be able to obtain Public Trust Clearance. - Secret Security clearance is preferred. - Must be able to pass a drug screening, criminal history, and credit checks. - Must have lived in the United States for the past 5 years. - Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members).

• Play a critical role in protecting Docusign’s products and customers by spearheading offensive security testing initiatives • Drive penetration tests, conduct red team exercises, mentor team members, and perform security research • Provide clear technical guidance and direction to the team • Mentor team members, imparting advanced offensive security skills and knowledge • Oversee the planning and execution of offensive security projects • Identify and direct areas for security investigation in coordination with the director and other leads • Serve as a key subject matter expert and point of contact for stakeholders, assisting with vulnerability impact analysis and defining remediation strategies • Work closely with the Product Security Incident Response Team (PSIRT) and engineering teams to analyze and drive the resolution of product security issue • Maintain professional and responsive communication with all stakeholders throughout the security evaluation lifecycle • Message key threats to the business to relevant stakeholders • Collaborate effectively with cross-functional groups, including Threat Intelligence and PSIRT, to continuously strengthen the overall product security posture

• Protect Docusign’s products and customers by engaging in penetration testing and vulnerability research • Conduct security assessments to identify weaknesses and propose remedial actions • Work with PSIRT and engineering teams to resolve security issues • Manage incident communications and evaluations with stakeholders • Mentor other engineers on security practices