Database Security Specialist

Database Security Specialist

Evolver Federal is looking for a
Database Security Specialist
­to join our team supporting our government client.

The successful candidate will work with Database Administrators, ISSOs and System Teams to support the client in ensuring the security of its databases across the enterprise. By collaborating with other stakeholders (Federal and Contractor), the candidate will support the ISD Security Tools Team and System DBAs in establishing the initial configuration of database scans using TIO (Tenable Nessus). The candidate will also monitor successful application of security patching for all databases and troubleshoot where necessary, review database-related POA&Ms and provide input into POA&M milestones and associated remediation plans, review artifacts for POA&M closure relating to documented database weaknesses and advise on closure, assist the team in hardening databases throughout the enterprise, and assist DBAs in onboarding database logs to the organization's SIEM tool. The candidate must be a self-starter.

The client environment is diverse and currently contains Oracle, Postgres, SQL Server, and MySQL databases.

Responsibilities

• Review output of database scans using Tenable io (TIO), work with System DBAs to remediate findings, including vulnerabilities and hardening.
• Provide input and recommendations into approved security configuration baselines for database types including Oracle, Postgres, SQL Server, and MySQL.
• Provide input and recommendations into approved database versions based on database type.
• Work with members of the POA&M Management Support Team to review artifacts submitted as evidence of POA&M closure for database-related weaknesses.
• Review, validate, and track false positives and known deviations in scan results to provide assurance that IT systems meet established configuration baseline(s) for approved database types.
• Review documentation submitted in support of requesting a waiver for compliance with specified security requirements per the NIST SP and provide recommendations to client for approval and acceptance of associated risk. Specific to security requirements relating to databases and the database layer of a system.
• Participate in process improvement initiatives to mature the client's internal business processes in areas including, but not limited to, vulnerability remediation, patch remediation efforts, STIG compliance, and approved database instances.
• Work with Database Administrators, ISSOs, and System Admin Teams to configure database assets to send the appropriate logging data to Splunk/ designated SIEM tool.
• Provide recommendations for database logging standards across the enterprise for each database type within the enterprise to facilitate establishing new and enhancing existing logging standards.
• Perform other duties as assigned by the Government.
• Ability to work efficiently and effectively in a dynamic and fast-paced environment.
• Determine the clearest and most logical way to present information and instructions for greatest reader comprehension and write and edit technical information accordingly.
• Meet with other Technical SMEs (Federal and Contractor) to ensure specialized topics are appropriately addressed, discussed, and understood.

Basic Qualifications

• Bachelor's Degree in Information Technology, Computer Science, or related field or 10 years of overall experience.
• Minimum of 5 years of experience as a Database Administrator for Oracle and/or Postg res databases in the federal government, including configuring databases to comply with Industry-Standard configuration baselines.
• Database certification such as Oracle Database Administrator Certified Professional, Certified PostgreSQL Database Administrator, or similar.
• 5 years of experience with Oracle and Postgres.
• 5 years of experience in troubleshooting complex issues involving database security settings and engaging in complex root causes analysis.
• 5 years of experience with cloud-based environments and cloud infrastructure.
• 3 years of experience using , specifically to review scan results, search, and create custom reports.
• 3 years of experience one or more of the following tools: , Nexus IQ Server, Splunk Enterprise v 7.3 and higher, DoJ CSAM, JIRA/ Confluence, CloudCheckr, PrismaCloud
• General awareness of the NIST SP Risk Management Framework.
• Must have previous client-engagement experience.
• Must be a US Citizen with suitable eligibility for Public Trust position.

Preferred Qualifications

• Experience with other database types including, but not limited to Postgres, SQL Server, or MySQL preferred, but not required.
• Previous experience supporting Department of Homeland Security federal clients preferred.
• Working knowledge of secure configuration guidelines for Oracle databases, specifically CIS Benchmarks.
• General awareness of the NIST SP 800-53, specifically as the controls apply to database security.
• Ability to work independently and possesses a solid understanding of database and cyber security concepts.
• Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
• Ability to clearly articulate database-related weaknesses for the purpose of documenting POA&M descriptions.
• Ability to clearly articulate remediation strategies and/or compensating controls specific to database weaknesses.

Ability to clearly communicate complex technical concepts to Information Technology Project Managers, Database Administrators, Application Developers, and Security Compliance Analysts, as well as