Item Response

Is this SO for a new position? Yes

Is an onsite interview a must or is the hiring manager open to screening over a Skype (or other) video call for out of state candidates? No

How many interview rounds will be conducted for the position? 2

Is there a chance of extension in the duration of the assignment, beyond the budget/duration included in the SO? Yes

Will the position require the candidate to be onsite completely or there is a possibility of working remotely (partially/completely)? No

Can a vendor suggest a different Resource Title based on the position and budget assigned to that position, if the position requires a niche skill? No

Philadelphia, PA 19107 Duration : 12 months Onsite role The resource(s) covered under this SO will support the Project This is a staff augmentation role with the Office of Innovation and Technologies Information Security Team that will focus on designing, implementing, and maintaining robust security solutions for our customer’s environment. On-site work will take place at City of Philadelphia offices. Position overview / Statement of Work The ideal candidate will be a subject matter expert in information security, capable of designing, implementing, and maintaining robust security solutions for our customer’s environment. This role requires a deep understanding of cloud security, particularly in Azure and AWS environments, as well as experience leading security initiatives in large enterprise organizations. Work activities:

• Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements

• Employ secure configuration management processes

• Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines.

• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.

• Develop and maintain the organization's security roadmap

• Design and implement security architectures for Azure and AWS environments

• Conduct regular security assessments of cloud infrastructure

• Develop and maintain cloud security policies and procedures

• Implement and manage cloud-native security tools and services

• Lead incident response efforts for high-priority security events

• Develop and maintain security monitoring and alerting systems

• Implement and manage SIEM (Security Information and Event Management) solutions

• Perform risk assessments and develop mitigation strategies

• Ensure compliance with relevant industry standards and regulations

• Work with development teams to implement secure coding practices

• Proficiency in scripting and automation (e.g., Python, PowerShell, Bash)

• Perform security code reviews and application penetration testing

• Collaborate with executive leadership to align security initiatives with business objectives

• Manage security projects and allocate resources effectively

  Required

• Bachelor's degree in Computer Science, Information Security, or a related field

• 8+ years of experience in information security roles

• Extensive experience with cloud security, particularly in Azure and AWS environments

• Strong knowledge of security frameworks and best practices (e.g., NIST, ISO 27001, CIS Controls)

• Excellent understanding of network protocols and security technologies

• Experience with security tools such as SIEM, EDR, IDS/IPS, and vulnerability scanners

• Strong analytical and problem-solving skills

• Excellent communication skills, both written and verbal

  Ability to work effectively in a fast-paced, dynamic environment Highly Desired/Preferred

• 8+ years of experience in information security roles

• Extensive experience with cloud security, particularly in Azure and AWS environments

• Strong knowledge of security frameworks and best practices (e.g., NIST, ISO 27001, CIS Controls)

• Proficiency in scripting and automation (e.g., Python, PowerShell, Bash)

• Excellent understanding of network protocols and security technologies

• Experience with security tools such as SIEM, EDR, IDS/IPS, and vulnerability scanners

• Strong analytical and problem-solving skills

• Excellent communication skills, both written and verbal

• Ability to work effectively in a fast-paced, dynamic environment