Job Description
Ampcus Inc. is a certified global provider of a broad range of Technology and Business consulting services. We are in search of a highly motivated candidate to join our talented Team. Job Title: Security Engineer/Cyber Security Analyst. Location: Chantilly, VA. Role Summary
- We are looking for an experienced Security Engineer or Cybersecurity Analyst with deep expertise in the NIST Risk Management Framework (RMF) and a proven track record of achieving Authorities to Operate (ATO).
- The ideal candidate will be the key technical authority responsible for guiding our AI and ML systems from development through to a secure, production-ready state, ensuring they meet stringent security and compliance requirements.
Key Responsibilities:
• Security Compliance & ATO Leadership:
- Serve as the subject matter expert on NIST Special Publicationsecurity controls and the end-to-end RMF process.
- Lead and manage the entire ATO process for new and existing systems, from initial assessment to successful accreditation.
- Develop, maintain, and update all critical security documentation, including the System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and Continuous Monitoring Strategy.
- Conduct security control assessments, gap analyses, and work directly with engineering teams to implement necessary remediation.
• AI & ML System Security Hardening:
- Partner with AI/ML engineers and data scientists to embed security into the AI development lifecycle (AISecOps).
- Perform threat modeling for AI systems, focusing on unique risks such as data poisoning, model inversion, adversarial attacks, and prompt injections.
- Develop and implement security controls specific to AI/ML workloads, including securing training data pipelines, model repositories, and inference endpoints.
- Assess the security posture of AI services and APIs and ensure their configuration meets compliance requirements.
• Technical Security Engineering:
- Design and implement security architecture for cloud-based (AWS, Azure, GCP) and on-premises systems hosting sensitive AI workloads.
- Configure and manage security tools for vulnerability scanning, intrusion detection, and log management (e.g., Tenable, Splunk, Wiz).
- Implement and validate identity and access management (IAM) policies, network security controls, and data encryption standards.
• Continuous Monitoring & Improvement:
- Establish and manage a continuous monitoring program to maintain security posture and ATO status.
- Analyze security findings and audit logs to identify and respond to potential incidents or compliance deviations.
- Stay current with emerging cybersecurity threats, especially those targeting AI/ML systems, and evolving NIST guidelines.
Required Qualifications:
- Bachelor's degree in computer science, Cybersecurity, Information Technology, or a related field, or equivalent practical experience.
- 5 years of hands-on experience in cybersecurity engineering or analyst role.
- Demonstrable, expert-level experience with the NIST RMF and successfully achieving Client for federal or DoD systems.
- Deep understanding of NISTRev 4 or 5) security controls and how to implement them technically.
- Strong technical background in cloud security (AWS, Azure, or GCP) and infrastructure-as-code (e.g., Terraform, CloudFormation).
- Experience with security assessment and scanning tools.
- Excellent written and verbal communication skills, with the ability to translate complex technical requirements for engineers and business justification for management.
Preferred Qualifications:
- Direct, hands-on experience securing AI/ML, GenAI, or Large Language Model (LLM) platforms in a production environment.
- Knowledge of AI-specific security concerns (e.g., OWASP Top 10 for LLMs, MITRE ATLAS).
• Relevant certifications such as:
- Compliance: CISSP, CISM, CAP, CISA, Security.
- Cloud: AWS Certified Security - Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer.
- Experience with DevOps/DevSecOps practices and tools (CI/CD pipelines, GitLab, Jenkins).
- Familiarity with other security frameworks such as FedRAMP, FISMA, or DoD SRG.
Ampcus is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veterans or individuals with disabilities.
Job Tags