Job Description:
Security Consultant with emphasis in compliance
Number of Positions: 2
Duration: 6 months plus
Location: Remote, based anywhere in the US.
Work Schedule: M-F 8am - 5pm
Interviews: 1 hour video panel interview.
Citizenship Required: Yes
Prescreening Questions:
1. Do you have experience interpreting and applying NIST 800-171 or NIST 800-53 requirements?
a. If yes:
i. What was your role during that time?
ii. What types of information systems did you apply the requirements to (e.g., standalone systems, air-gapped network, or a corporate network)?
2. What was the most challenging NIST requirement?
a. Why was it challenging?
b. How did you apply the control?

Job Description
The Security Consultant will be a member of our internally facing, corporate Federal Cybersecurity organization with responsibility for contributing significant security and compliance experience and technical skillset across a variety of projects and engagements. The Security Consultant will be considered a security, compliance, and technical expert and will assist in the development and communication of authoritative security-focused policies, standards, guidelines and control requirements. This role interacts with all levels of the organization, particularly within the Global Dell Digital (IT) organization. The Federal Cybersecurity team ensures customer satisfaction through professional engagement and use of a risk-based approach.

Key Responsibilities:
The Dell Security & Resiliency organization (SRO) manages the security risk across all aspects of Dell’s business. The Federal Cybersecurity team is an organization within SRO focused primarily on the internal security and compliance requirements, in support of Dell Federal.

Participate as a Security Consultant on various projects & initiatives across Dell Federal providing security and compliance guidance & direction while ensuring adherence to Dell Federal’s security policies & standards
Define security requirements while engaging directly with stakeholders within Dell Federal’s Business Units and the Information Technology organizations to ensure products, services and solutions are designed to adhere to those requirements across Dell Federal’s environments
Consult with internal, technical and business teams to provide security and compliance guidance and/or solutions to minimize security risks and guide internal customers in the development and implementation of security controls for their environments
Provide subject-matter expertise to the established policy exception process through standard review and dispensation processes
Assist with the development, maintenance and communication of Dell Federal’s security policies and procedures as a subject-matter or domain expert
Ensure customer satisfaction through professional consulting engagements and use of a risk-based approach
Investigate complex, and sometimes historic, practices/solutions to determine gaps and needed improvements, and facilitate migration to a preferred state
Work with Business and Senior Management as required to facilitate resolution of challenging business problems/objectives in a secure way
Develop and maintain comprehensive documentation of engagements performed and risks and/or issues identified
Perform other duties as required

Requirements
Strong knowledge and understanding of information security practices and policies, including Information security frameworks, standards, and best practices
Strong knowledge and understanding of Federal compliance requirements, including DFARS, ITAR, NIST 800-171, and CMMC Level 3
Strong knowledge in application, cloud and network security concepts
Detailed technical knowledge and experience with general network security, authentication, security protocols, access control, cryptography, application security and data protection
Foundational understanding of secure coding practices and standard code defect issues such as unvalidated input, SQL injection, cross-site scripting, hard-coded credentials, etc., and their implications for system security state
Knowledge and experience in infrastructure and network security with hands-on experience with one or more security technologies such as Firewalls, Intrusion Detection/Prevention Systems, Vulnerability Scanning, WAF, Wireless LAN, NAC, DLP, DDoS Mitigation, WAN security, SIEM, Content Filtering, Cloud Security gateways, Secure Proxies, SSL crypto solutions, etc.
Experience with Threat Modelling
Experience with various Cloud services and deployment models including knowledge of Cloud-native/Cloud-friendly security controls a plus
Foundational knowledge of risk management principles, including identifying risks and solutions/remediations for minimizing them
Must work well with others as part of a larger team and be able to collaborate effectively on cross-functional teams within a larger matrixed organization
Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner
Excellent written and verbal communication skills
Results-driven, customer-focused, and accountability-minded

Basic Qualifications
Bachelor’s degree in Computer Science, Information Systems, or a related field
Individuals with CISSP, CISM, or CCSP certifications preferred
Knowledge of Federal compliance requirements and frameworks, including DFARS, ITAR, NIST 800-171, and CMMC Level 3
Knowledge of audit standards, as well as knowledge of regulatory requirements and frameworks such as NIST 800-53, NIST Cyber, ISO 27001, ISO 27002, EU GDPR, PCI and Cyber Essentials framework helpful
10+ years Security experience