November 05, 2024
Sr. Information Security Technical Lead
As the number of cyberattacks and digital threats continue to grow, our world needs more passionate and innovative individuals who seek to be trailblazers in and shapers of the rapidly evolving cybersecurity landscape.
At Trend Micro, we offer tremendous opportunities that will challenge and equip you to become engineered to do good in whatever path you take. By choosing to be an agent of change, you will be part of an impactful mission that aims to make the world safe for exchanging digital information.
What you'll do:
Lead and Manage FedRAMP Operations
- Act as the PH Technical Lead for processing FedRAMP security cases for Incident Management with FedRAMP Ops members of the Americas Region.
- Leverage a team of L1 SOC Analysts responsible for FedRAMP security alert monitoring.
- Overseeing security monitoring and compliance efforts
Compliance Program Development and Management
- Develop, implement, and manage the FedRAMP compliance program, ensuring that all cloud services adhere to stringent FedRAMP standards.
- Work directly with TrendMicro VisionOne/CloudOne products for Government SaaS offerings and FIPS-compliant software releases.
Lifecycle Management
- Coordinate and manage all phases of the FedRAMP lifecycle, including initial assessments, authorizations, continuous monitoring, and reauthorizations.
Collaboration and Integration
- Collaborate extensively with internal teams (IT, security, development) to integrate FedRAMP requirements into organizational processes and technology stacks.
Documentation and Automation
- Develop and maintain System Security Plans (SSP), policies, procedures, and controls to support FedRAMP compliance.
- Automate the Plan of Action & Milestones (POA&M) and other continuous monitoring requirements.
Regular Security Assessments
- Conduct regular security assessments and audits to ensure persistent compliance with FedRAMP and other relevant standards.
Change Monitoring and Compliance Adaptation
- Monitor changes in FedRAMP requirements and guidelines, adapting practices to stay compliant with the latest updates.
Guidance and Expertise
- Serve as the primary point of contact for FedRAMP inquiries and coordination with external auditors and assessors.
- Provide guidance on FedRAMP-related topics to internal teams and conduct security risk assessments.
Reporting
- Prepare and present detailed compliance reports to senior management and stakeholders, highlighting the status of FedRAMP initiatives and addressing any areas needing attention.
What you need:
- 3+ years in information security or network administration, particularly within an enterprise-level Security Operations Center (SOC).
- Strong experience with firewalls, Windows Servers, and PCs; experience with routers and switches is preferred.
- Minimum of 3 years in security compliance or Governance, Risk, and Compliance (GRC), preferably supporting U.S. public sector security authorizations.
- In-depth knowledge of Azure GovCloud, Sentinel, Nessus, HCL App Scan, JIRA, SIEM, IDS/IPS, EDR, and network monitoring tools.
- Solid understanding of FedRAMP, CMMC, NIST 800-53, NIST RMF, FISMA, and similar frameworks.
- Proficient in Windows, macOS, and Linux operating systems.
- Capable in risk management and assessment procedures.
- Skilled in network security and architecture, both wired and wireless.
- Knowledgeable in enterprise and security architecture.
- Familiarity with cloud hyperscaler services (e.g., AWS, Azure) and best practices.
- Excellent analytical, problem-solving, and project management capabilities.
- Strong communication and interpersonal skills for effective collaboration with internal teams, auditors, customers, and regulatory bodies.
- Willingness to participate in frequent international video conferences and handle security incidents during non-regular hours.
What will help
- Industry certifications such as CISSP, GCIH, GCFA, CEH, or similar are highly desirable.
- Self-motivated and fast learner, able to complete tasks with minimal supervision.
- Experience conducting company-wide third-party security risk assessments.
- Advanced expertise in FedRAMP requirements.
- Practical experience in penetration testing, threat hunting, information security management, computer forensics, incident response, or risk management.
- Experience conducting regular security audits to ensure compliance with established standards and frameworks.
Be Passionate.
Be Innovative.
Be a Trender.
Be #EngineeredToDoGood.