Skip Navigation
Serco Employees at work

System Outage Message

Thank you for visiting Serco’s Careers site. Due to scheduled system maintenance from approximately 9:00pm ET on Friday, September 14 until 12:00pm ET Sunday September 16 the site is temporarily unavailable. We regret any inconvenience, and invite you to please return after the stated maintenance end time. Thank you for your continued interest in career opportunities with Serco.

Search Serco Careers

To properly view the application site, you must be using Internet Explorer

Security Engineer IV NC52707425

Herndon, VA, US
Job Description The Cloud Security Engineer provides cloud security focused architectural support and engineering expertise for all Serco solutions that will be cloud (IaaS, PaaS, & SaaS) hosted. They will be responsible for developing the security architecture for Serco solutions migrating to cloud environments (e.g., AWS, Azure, etc.). The position also entails O&M responsibilities consisting of cloud security control definition and management for existing SaaS solutions.

The Cloud Security Engineer will be part of Serco’s Information Security team and work closely with our Solution Architecture team, IT team, and across the entire organization to implement and manage Serco’s cloud based information and system security posture. Another component of the role will be to develop and drive the creation of repeatable process and procedural documentation that will support delegation of O&M responsibilities.

Responsibilities include:
• Management and analysis of cloud security admin centers and security tools found in the supporting cloud services (e.g., AWS Inspector, Azure Security Center, Office 365 Security and Compliance Center, etc.)
• Assisting in the design, planning, and implementation of cloud based security controls, policies, and processes
• Security audit and compliance review and validation for cloud platforms
• Developing guidelines and reviewing security configurations related to cloud deployments and common web application frameworks (e.g., OWASP)
• Focusing on cyber security technologies and policies to safeguard networks, data, and applications from outside threats in a multi cloud environment
• Assisting Serco with transitions to Microsoft Azure cloud services such as tenant setup and service configuration, with a focus on cloud cyber security
• Implementation of industry leading practices around O365 cyber risks and cloud security
• Designing and developing cloud-specific security standards and procedures such as Azure and O365 tenant management and configuration, identify management and access control, firewall management, auditing and monitoring, security incident and event management, data protection (e.g., DLP, encryption), user and administrator account management, SSO, conditional access controls, and password/key management
• Assisting Serco with secure configuration and delivery of cloud security and compliance reports.
• Liaise with Serco global Office 365 service owners, fostering and helping to establish global subject matter expertise.
• Executing on cloud security engagements during different phases of the lifecycle (e.g., performing security reviews during design, implementation, & post implementation)
• Implementing industry leading O&M practices around O365/EMS cyber risks and cloud security for Serco and its clients
• Providing internal technical training to InfoSec security personnel as needed
• Supporting Managed Services and Solution Architecture teams as necessary
• Broad knowledge of and ability to explain key enterprise cloud security and compliance scenarios and security technical architecture in Azure, O365 and/or AWS (including hybrid security considerations)
• High-level expertise in sophisticated identity, authentication, security, privacy, and compliance requirements, and experience integrating them into cloud and hybrid solutions
• Deep and broad technical knowledge on security controls as part of cloud offerings across IaaS and PaaS services as well as management and governance (including security services, such as Azure Security Center, Azure AD, & Key Vault, KMS)
• Five (5) or more years of cyber security or information assurance experience, with a preference for supporting a Security Operations Center (SOC) in a cloud environment.
• Five (5) or more years of relevant work experience managing application and operating system containers and platforms, directory services, virtualized infrastructures, and other mission critical enterprise level systems
• Three (3) or more years of experience with security control sets and frameworks (e.g., Cloud Controls Matrix, FedRAMP, FISMA, HIPAA, HITRUST, PCI DSS) and compliance activities in cloud.
• Experience working with virtual networking and storage in cloud IaaS
• Strong scripting/programming with Bash, Powershell, Python, and Ruby is a plus
• DevOps/DevSecOps experience, CI/CD pipeline experience is a plus
• A proactive mindset with a focus on constant improvement and follow through at all levels
• Strong technical problem-solving skills
• Excellent writing skills
• Good presentation skills
• Ability to learn fast
Required Skills • Bachelor's degree (or higher) in field of Information Security or Technology • Cloud and/or cloud security focused certifications are a plus (e.g., AWS Certified Solutions Architect, CCSK, CCSP, CCSS, Cisco CCNA-Cloud, CISCS, Cloud+, PCSM) Work Location: Preference is that the candidate be local to Herndon, VA, but open to work being performed partially or entirely in a remote fashion
Employment Type Full time
Career Level Advanced Career
Job ID 52707425
Company Serco Inc. (Serco) is the Americas division of Serco Group, plc. Serco serves every branch of the U.S. military, numerous U.S. federal civilian agencies, the intelligence community, the Government of Canada, state and local governments, and commercial clients. We help our clients deliver vital services more efficiently, while increasing the satisfaction of their end customers. Headquartered in Herndon, Virginia, Serco has approximately 6,000 employees with an annual revenue of $1 billion and is part of a $4 billion global business that helps transform government and public services around the world. At Serco, our employees are our most valuable asset, and our success directly relates to our employees. At Serco, we listen, respect and support our employees and through continuous training, development and information-sharing, we advance talent internally, enhancing career growth and progression which enables not only our employees to excel but enables our customers to excel as well. It is not just a job at Serco; at Serco, we offer career opportunities. We invite you to become part of our dynamic team. Serco's people share a passion for delivering ethical service, innovation, and a commitment to results. We trust our people to deliver. Serco is an equal opportunity employer committed to diversifying its workforce (Race/ Color/ Sex/ Sexual Orientation/ Gender Identity/ Religion/ National Origin/ Disability/ Vets).
Functional AreaCyber Operations
DepartmentSerco’s Corporate departments include Finance, Human Resources, IT, Business Development, Legal, Communications and Corporate Services. All of our Corporate departments are focused on supporting our teams delivering on their contracts and working on the front-line with our customers.
To properly view the application site, you must be using Internet Explorer