דרושים Security Administrator ב-United States

Responsibilities

• The successful candidate will work with GPS engagement teams, supporting functions, and EY’s Client Technology and Global Information Security organizations to develop and maintain a security and compliance program across all environments, platforms and applications used or desired for use by GPS. Responsibilities include:
• Strategy, Governance and Risk Management
• Development and execution of a multi‑year cybersecurity strategy and investment roadmap aligned to business objectives and federal contract requirements.
• Development, management and maintenance of the GPS IT security risk management policy and/or procedural documentation mapped to NIST SP 800-37 (RMF), NIST SP 800‑53, NIST SP 800‑171, NIST SP 800‑161 (C‑SCRM), and NIST SP 800‑218 (SSDF)
• Ownership of the enterprise risk assessment (ERA), business impact analysis (BIA), and security metrics; present posture and material risk to the COO on a recurring cadence.

Defense Industrial Base Compliance (Classified & Unclassified)

• Manage GPS compliance with DFARS 252.204-7012, 252.204-7020, and 252.204-7021. This includes:
  • Leading DFARS/CMMC readiness and ongoing compliance.
  • Serving as the Affirming Official (AO) and maintaining an accurate SPRS self‑assessment score with defensible Plans of Action and Milestones (POAMs).
  • Achieving and maintaining CMMC certification at level 2.
  • Overseeing management and maintenance of POAMs.
• Ensure systems operated for the government are designed properly and assessed against the appropriate requirements such as FedRAMP, Cloud Computing Security Requirements Guide, IRS 1075, and MARS-E.
• Ensure safeguarding and incident reporting obligations for CUI (e.g., DFARS 252.204‑7012 72‑hour reporting) are met; coordinate with DC3/DIBNet and affected customers when necessary.
• Oversee NISPOM compliance for classified systems; partner with FSO to achieve and maintain Authorizations to Operate (ATOs).
• Ensure proper handling of export‑controlled data (ITAR/EAR).
• Prepare for and lead Program through contractually required assessments and customer audits; keep evidence, policies, configurations, and logs audit‑ready.
• Respond to government inspections or audits in coordination with EY Information Security and Risk Management.

Secure Cloud, Identity & Enterprise Platforms

• Own security architecture and controls for Azure Government (Azure Gov) and Microsoft 365 GCC High tenants, including Conditional Access, PIM/PAM, encryption, logging/retention, and data governance for CUI.
• Implement Zero Trust principles across identity, endpoints, networks, and workloads; drive continuous verification and least‑privilege.
• Deploy and operate EDR/XDR, SIEM/SOAR, DLP, CASB/SSE/SASE, MDM, key management/HSM, and vulnerability/configuration management at scale.
• Oversee user authorization process and ongoing attestation of user authorization and access.
• Assist to resolve GPS practitioners’ access or other issues with Enclave environments.
• Ongoing development, coordination and sustainment of Information Security Continuous Monitoring (ISCM) Program across all applications within the environment.

DevSecOps & Secure SDLC

• Establish a software security program aligned to NIST SSDF (SP 800‑218) and EO 14028 expectations; integrate security into SDLC across GitHub and Azure DevOps.
• Govern AppSec tooling and policy: SAST (e.g., Checkmarx), DAST (e.g., Qualys/AppScan), SCA/OSS (e.g., Mend), IaC/container/K8s scanning, and Wiz/Wiz Code; enforce build‑time gates and remediation SLAs.
• Require SBOM generation, artifact signing/provenance (e.g., SLSA targets), and secrets management across all repositories and pipelines.

Detection, Response & Resilience

• Develop, manage and maintain GPS incident response program.
• Lead SOC and CSIRT functions: 24×7 monitoring, threat intelligence, purple/red‑team exercises, and executive tabletop drills.
• Maintain and test the Incident Response Plan and Cyber Crisis Playbook, including regulatory/customer communications and forensics preservation.

Effective Business Integration

• Ensure development of fit-for-purpose solutions that support the business activities.
• Manage integration of Firm applications into the GPS Enclave environment.
• Understand and facilitate communication of EY’s IT disaster recovery and business continuity plans to GPS clients, potential clients and engagement teams (including engagement team responsibilities).
• Augment existing Client Security Assurance reviews of data protection requirements contained in RFPs/RFQs to adequately respond, and assist in development of GPS client security and data protection (confidentiality) plans.
• Monitor regulatory or other developments in INFOSEC principles, regulatory requirements and leading practices.

Leadership, Team and Budget

• Role model a leadership style that brings infrastructure, application and cybersecurity professionals together to collaborate constructively on the design, implementation and operation of controls.
• Build and mentor a high‑performing organization spanning Policy/GRC, AppSec/DevSecOps, Security Engineering/Architecture, SOC/IR, and Third‑Party & Supply‑Chain Risk.
• Own the cybersecurity budget and vendor portfolio; rationalize tools and services for value, performance, and compliance.
• Participate in purchasing and enhancement of third-party tools for GPS.
• Augment and potentially streamline existing Vendor Supplier Risk Assurance Program during evaluation of subcontractor compliance with applicable cybersecurity and data protection clauses.
• Drive a security‑first culture: ongoing training, phishing simulations, secure coding education, and leadership engagement including data protection and awareness and role-based training programs.
• Coordinate and respond to annual (or more frequent) independent risk assessments and cyber security reviews.

Qualifications:

• 12+ years of progressive cybersecurity leadership, including 5+ years at the enterprise or business‑unit executive level.
• 5+ years FISMA related experience
• Bachelor’s degree in IT-related field or bachelor’s degree in non-IT related field with a total of 10 years of information security experience
• Master’s degree preferred
• Ability to obtain and maintain Top Secret clearance
• US citizenship required
• Must have government sector experience
• Thorough knowledge and understanding of:

• • FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems
  • DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting
  • NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
  • NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations
  • GSAM 552.239-70, Information Technology Security Plan and Security Authorization, 552.239-71, Security Requirements for Unclassified Information Technology Resources and similar clauses in agency FAR supplements
  • FISMA
• Specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework
• Proven experience in the Defense Industrial Base with DFARS/CMMC and NIST SP 800‑171 implementation and audits (including POA&M and SPRS management).
• Experience with FEDRAMP compliance authorization and monitoring
• Deep expertise securing Azure Government and Microsoft 365 GCC High environments
• Experience working with other Government cloud communities, including AWS
• Experience working with classified environments, achieving/maintaining ATOs, overseeing classified systems under NISPOM and DoD RMF, and working understanding of SCIF operations
• Knowledge and experience with vulnerability scanning execution, assessment, and analysis
• Knowledge and experience of networks, including LAN and WAN
• Knowledge and experience with application security, database security, and network security
• Experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines
• Hands‑on leadership of DevSecOps and software security programs covering GitHub/Azure DevOps/Jenkins with SAST/DAST/SCA, IaC/container security, SBOMs, and supply‑chain controls.
• Demonstrated analytical, problem-solving, organizational, interpersonal and communication skills required.
• The ability to collaborate effectively with diverse stakeholders, including client-facing, legal, finance and contracting teams, executives, engineers, customers and assessors on a wide variety of tasks, as needed.
• Ability to foster professionalism and demonstrate integrity and confidentiality in all actions.
• Ability to demonstrate flexibility when required, sense urgency, organize and prioritize work, and achieve against tight deadlines.
• The ability to interpret and communicate regulatory requirements related to cybersecurity and data protection.
• Possession of excellent written/verbal communications skills.
• Possession of excellent analytical skills, including strict attention to detail.
• Ability to assess and weigh current and evolving security threats in an operational environment
• Possession of Information Systems Security Professional certification (CISSP)
• Certifications such as CISSP, CISM, CCISO, CCSP, CRISC, CISA, PMP, and relevant GIAC credentials preferred

Responsibilities include, but are not limited to, the following:

• Install and configure POWER BI.
• Monitor the POWER BI platform, including integration with RTX observability and alerting solutions, and recommend platform improvements.
• Troubleshoot and resolve POWER BI platform issues.
• Configure data source connections and manage asset libraries.
• Identify and raise system capacity related issues (storage, licenses, performance threshold).
• Define best practices for POWER BI deployment.
• Integrate POWER BI with other ES Data platforms and Business Unit installations of POWER BI.
• Participate in overall data platform architecture and strategy.
• Research and recommend alternative actions for problem resolution based on best practices and application functionality with minimal direction.

Knowledge and Skills:

• 3+ years working in customer success or in a customer-facing engineering capacity is required.
• Large scale implementation experience with complex solutions environment.
• Experience in customer-facing positions, preferably industry experience in technology based solutions.
• Experience being able to navigate, escalate and lead efforts on complex customer/partner requests or projects.
• Experience with Linux command line.
• An aptitude for both analyzing technical concepts and translating them into business terms, as well as for mapping business requirements into technical features.
• Knowledge of the software development process and of software design methodologies helpful
• 3+ years experience in a cloud ops / kubernetes application deployment and management role, working with an enterprise software or data product.
• Experience with Attribute-based Access Control (ABAC), Virtual Director Services (VDS), PING Federate or Azure Active Directory (AAD) helpful.
• Cloud platform architecture, administration and programming experience desired.
• Experience with Helm, Argo CD, Docker, and cloud networking.
• Excellent communication skills: interpersonal, written, and verbal.
• Experience with Identity Access Management (IAM).

• Candidates with DoD experience are preferred.

Education and Work Experience:

• This position requires a minimum A BA/BS Degree (or equivalent) in technology, computing or other related field of study.
• Experience in lieu of education may be considered if the individual has ten (10) or more years of relevant experience.

Hours:

• Normal work schedule hours may vary, Monday through Friday. May be required to work flexible hours and/or weekends, as needed, to meet deadlines or to fulfill application administration obligations.
• May participate in an on-call rotation for multiple BI platforms.
• Ability to travel

Your Key Responsibilities

• Install and configure specific applications.
• Monitor the application platform, including integration and alerting solutions, and recommend platform improvements.
• Troubleshoot and resolve application platform issues.
• Configure data source connections and manage asset libraries.
• Identify and raise system capacity related issues (storage, licenses, performance threshold).
• Define best practices for application deployment.
• Integrate application with other ES Data platforms and Business Unit installations of application.
• Participate in overall data platform architecture and strategy.
• Research and recommend alternative actions for problem resolution based on best practices and application functionality with minimal direction.

To qualify for the role you must have

• Bachelor’s degree in Computer Science or other related field

• A minimum of 5 years’ experience customer success or in a customer-facing engineering capacity is required.
• Large scale implementation experience with complex solutions environment.
• Experience in customer-facing positions, preferably industry experience in technology based solutions.
• Experience being able to navigate, escalate and lead efforts on complex customer/partner requests or projects.
• Experience with Linux command line.
• An aptitude for both analyzing technical concepts and translating them into business terms, as well as for mapping business requirements into technical features.
• Knowledge of the software development process and of software design methodologies helpful
• 5+ years experience in a cloud ops / kubernetes application deployment and management role, working with an enterprise software or data product.
• Experience with Attribute-based Access Control (ABAC), Virtual Director Services (VDS), PING Federate or Azure Active Directory (AAD) helpful.
• Cloud platform architecture, administration and programming experience desired.
• Experience with Helm, Argo CD, Docker, and cloud networking.
• Excellent communication skills: interpersonal, written, and verbal.
• Experience with Identity Access Management (IAM).

Ideally, you’ll also have

• Experience with DoD

What we look for

We’re interested in intellectually curious people with a passion for finding new and innovative ways to make things better. You’ll also need to be a self-starter and quick learner with a strong background in computer science from both theoretical and practical points of view. If you’re ready to be the future of the group and make your mark in a growing business, this role is for you.