Senior Security Assurance and Automation Manager-Mclean, VA (Remote) 6 months Contract - Suncap Technology, Inc.

Title: Senior Security Assurance and Automation Program Manager

This title reflects both the strategic (long-term) and operational (short-term) nature of the responsibilities. Here's how it ties into the key functions:

Short-Term Responsibilities:

1. Automation of Manual Processes for Validating BSCs :
   • Lead the automation initiative, managing vendor recommendations for automating manual validation processes.
   • This will require hands-on project management, process optimization, and understanding of vendor solutions.
2. Establishing Process for CSIRT/IR Remediation & AWS Guardrails :
   • Establish workflows and document the remediation process for incident response (IR) and integrate AWS Guardrails.
   • Develop Federated Architecture user guides and use cases for development teams, focusing on best practices and ensuring secure cloud environments.

Long-Term Responsibilities:

1. SOX Tester/Assurance Program Development :
   • Build out the SOX compliance testing program within InfoSec, ensuring a robust framework for control testing.
   • Establish long-term assurance processes, aligned with regulatory and security requirements.
2. Security Automation Lead :
   • Drive the 2025 security automation roadmap, ensuring automation across security functions (e.g., controls, logging, monitoring, threat modeling).
   • Review current manual processes and build out an automation strategy with an eye towards continuous improvement and scalability.

Additional Responsibilities:

• Threat Modeling : Leverage the "Threat Modeling tool to manage and expedite the threat modeling process for 400 applications, prioritizing critical systems to ensure substantial progress by Q1.
• Logging and Monitoring : Address findings and strengthen continuous monitoring and logging practices, especially in relation to incident detection and response.
• SOAR Implementation : Lead the Security Orchestration, Automation, and Response (SOAR) implementation, ensuring integration with security operations.

Key Considerations:

• Ex-Freddie Mac Candidates Preferred : Make sure the candidate has prior experience with Freddie Mac, but has not worked there for less than 6 months, as per vendor NOC restrictions.