Publicis Sapient is a digital consulting company belonging to Publicis Groupe, with 20,000 people and over 50 offices worldwide. It was originally established as Sapient in Cambridge, Massachusetts in 1990.
Manager Cybersecurity
By solving some of today’s toughest challenges, our teams are helping to transform the government in the areas of business, technology and marketing. Working at Public Sector, you will be in an environment that fosters growth and creativity, demands openness and client-focused delivery, and celebrates initiative and innovation.
The chance to bring your ideas and new thinking to today’s challenges and work in a truly unique work environment is now – it’s at Publicis Sapient | Public Sector.
This is a position for an Information Security SME with experience in Federal government Certification and Accreditation (C&A) practices and policies. The candidate will work within an established and structured consulting team, responsible for developing and delivering all security assessments, documentation and vulnerability management in order to meet required security standards and maintaining the security posture. The candidate will facilitate working sessions and work closely with client Office of Information Technology team. This position requires excellent analytical and writing skills to effectively communicate and deliver on required life-cycle deliverables.
Responsibilities:
- Responsible for designing and documenting security controls for client network and infrastructure elements, in order to meet federal regulatory compliance specifications.
- Individual will perform an in-depth analysis of the current infrastructure environments, risk assessments, and will document and conduct risk assessments and validate the security controls.
- Use Federal Certification and Accreditation (C&A) processes to research, verify and document information security controls in order for the “systems” to be accredited.
- Actively coordinate & support 3-4 C&A initiatives per year for ATO renewal or update for IT systems
- Develop System Security Plans and standard operating procedures for Federal Information Systems
- Understand and develop Privacy Impact Assessments
- Closely work with federal stakeholders including Information System Security Officer (ISSO) to maintain high-security posture of the IT systems
- Maintain and update System Security documentation
- Report on security status and security incidents
- Manage vulnerabilities reported by various security scanning tools.
- Experience working with multiple teams to remediate the vulnerabilities on time-based on Government policies.
Requirements:
- Must be a U.S. Citizen or U.S. Permanent Resident
- Eligible for U.S. Government Clearance
Qualifications
- Eight years of progressively responsible IT Security assessment and authorization-related responsibilities
- Eight years of experience directly performing Assessments and Authorizations, knowledge of specific NIST guidelines. The candidate will demonstrate experience analyzing IT security controls and developing solutions to security problems to meet federal security standards
- Knowledge of Federal government security guidelines:
- Federal government C&A practices and policies
- Moderate and high-impacting security control families listed in NIST Publication 800-53 Rev5
- Knowledge of security industry-standard security scanning tools for hardware, application, and static code.
- Experience in client-facing situations and dealing with security standards and protocols.
- Excellent oral and written communication skills including the ability to clearly and openly communicate with a client on a daily basis as well as the ability to create and deliver security-related deliverables.
- Understand security requirements within management, operational, and technical controls.
- Experience with Systems Security in the Federal space.
Education:
- Bachelor’s degree in computer science, information assurance, engineering or related field
About Public Sector
Public Sector, part of Publicis Sapient, is a leading provider of strategy, technology, and marketing services to a wide array of U.S. governmental agencies. Focused on driving long-term change and transforming the citizen experience, we use technology to help agencies become more accessible and transparent. With a track record of delivering mission-critical solutions and the ability to leverage commercial best practices, we serve as trusted advisors to government agencies, such as the Federal Bureau of Investigation, Library of Congress, National Institutes of Health, United States Department of Health and Human Services, and United States Department of Homeland Security..
Additional Information
Flexible vacation policy; time is not limited, allocated, or accrued
• 16 paid holidays throughout the year
• Generous parental leave and new parent transition program
• Tuition reimbursement
• Corporate gift matching program
Base Pay Range: USD 140,000 – 160,000 (varies depending on experience)
The range shown represents a grouping of relevant ranges currently in use at Publicis Sapient. Actual range for this position may differ, depending on location and specific skillset required for the work itself.
Google Cloud Threat Modeling (Security) Engineer (Hybrid, NYC or Dallas)
As a Senior Engineer – Threat Modeling you will be a part of a smart cross-functional team delivering digital business transformation solutions to our clients. This position entails an individual contributor role focused on Security Architecture and Threat Modeling, encompassing governance, evaluation of public cloud services, and conducting security reviews for Public Cloud Providers. Collaboration and partnership with Engineering, Information Security, Program Management, and Development teams are essential. The candidate will conduct technical architecture reviews to pinpoint security opportunities, identify exploitable threats, and propose mitigation strategies.
Your Impact:
- Conduct thorough threat modeling exercises utilizing established methodologies and frameworks.
- Maintain a rigorous standard of excellence in identifying potential threats and specifying effective mitigation controls.
- Manage the lifecycle of identified threats and associated controls, ensuring timely updates and adjustments as necessary.
- Deliver comprehensive threat models and related tasks within specified timeframes.
- Offer constructive feedback, support, and suggestions for enhancing the existing threat modeling process.
- Present findings and progress updates to senior leadership, team members, and relevant technical stakeholders.
Qualifications
We are seeking an ideal candidate with 8+ years of experience in a range of technologies and processes including:
- Proficiency in GCP – essential
- Strong knowledge of security architecture principles, frameworks, and best practices
- Experience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA etc.
- Overall experience in Cybersecurity: 5+ years
- Security practices encompassing authentication, authorization, logging/monitoring, encryption, infrastructure security, and network/segmentation
- Knowledge of cloud security frameworks
- knowledge of Rest API
- Knowledge in scripting languages and Infrastructure as Code (Terraform, CloudFormation)
- Familiarity with Jira or other ticketing systems – essential
- Technical architecture design and review skills – essential
- Ability to identify vulnerabilities using CWE or OWASP
- Knowledge of operating systems and their hardening techniques
- Understanding of development concepts such as CICD, Pipelines, and SDLC
- Penetration testing knowledge is also super useful
- Familiarity with Cloud Development Kit (CDK) and GitOps
- Experience operating in a DevOps/agile team environment
- Understanding of docker, Kubernetes, serverless architecture, and Helm
- Exposure to platforms like Snowflake, MongoDB, Terraform Cloud, GitHub, and Databricks
- Strong analytical skills, diligence, and attention to detail
- Willingness to conduct research using vendor documentation
- Capability to create and maintain high-quality documentation
- Possession of an adversary mindset
- Continuous learning attitude towards new technologies and methodologies
- Strong problem-solving skills
- Excellent communication and collaboration abilities
- Ability to build and nurture relationships across cross-functional teams
Set Yourself Apart With:
- Professional Security Certifications: CISSP, CCSP, CISA, CISM, ITIL
- Relevant GCP certifications are highly desirable: GCP Professional Cloud Architect, GCP Professional Cloud Security Engineer.
- Strong knowledge of industry standards as they relate to Cloud and Application security management to include ISO, NIST, and Cloud Security Alliance (CSA)
- Experience working in regulated environments
- Exposure to agile development, DevOps, SecOps and scrum teams
- Hands-on-experience with cloud security designs on Azure
- Development experience (python, Node)
- Strong desire to learn and contribute solutions and ideas to broader team
Additional Information
Flexible vacation policy; time is not limited, allocated, or accrued
• 16 paid holidays throughout the year
• Generous parental leave and new parent transition program
• Tuition reimbursement
• Corporate gift matching program
Base Pay Range: USD 140,000 – 185,000 (varies depending on experience)
GCP Vulnerability Engineer
As a Security Engineer you will be a part of a smart cross-functional team delivering digital business transformation solutions to our clients. This position entails an individual contributor role focused on Security Architecture and Threat Modeling, encompassing governance, evaluation of public cloud services, and conducting security reviews for Public Cloud Providers. Collaboration and partnership with Engineering, Information Security, Program Management, and Development teams are essential. The candidate will conduct technical architecture reviews to pinpoint security opportunities, identify exploitable threats, and propose mitigation strategies.
Qualifications
Candidates should have knowledge of the tools and processes to provide operational security support to our cloud ecosystem. Pre-requisites for this position are at least a bachelor’s degree with 3 – 5 years of experience on most of the following areas:
• Proven offensive security-oriented mindset (vulnerability assessments, infrastructure & application pen testing, threat modeling, threat actor emulation)
• Hands-on experience with GCP
• Excellent understanding of Cloud security concepts/best practices
• Familiarity with securing containers and container orchestration frameworks (such as Kubernetes – GKE)
• Deep Understanding of MITRE ATT&CK and attacker TTPs
• Programming/scripting languages a plus (Python preferred, but not required)
• Infrastructure as Code knowledge a plus (Terraform)
• Ability to deliver presentations to senior leaders and peer organizations in both a technical and non-technical manner.
Certifications:
• Cloud security certifications: GCP Professional Cloud Security Engineer, etc.
• Container/Kubernetes certifications: CKA, CKAD, CKS, etc.
• Other security certifications: OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, etc.
Additional Information
Flexible vacation policy; time is not limited, allocated, or accrued
• 16 paid holidays throughout the year
• Generous parental leave and new parent transition program
• Tuition reimbursement
• Corporate gift matching program
Base Pay Range: USD 140,000 – 185,000 (varies depending on experience)
Senior Associate Data Engineer- Azure Databricks Developer
Publicis Sapient is looking for a Senior Associate Data Engineer Azure, to be part of our team
of top-notch technologists. You will lead and deliver technical solutions for large-scale
digital transformation projects. Working with the latest data technologies in the industry,
you will be instrumental in helping our clients evolve for a more digital future.
Your Impact:
- Act as a trusted Azure expert to clients as part of large digital transformation journeys
- Advance the application of large-scale data platforms as a core building block to enable true business transformation
- Lead Data Migration projects to Azure cloud
- Build complex data pipelines on Azure infrastructure using cloud native technologies
- Work closely with our clients in understanding their needs and translating them to technology solutions
- Provide expertise as a technical resource to solve complex business issues that translate into data integration and database systems designs
- Shape opportunities and create execution approaches throughout the lifecycle of client engagements
- Ensuring all deliverables are of high quality by setting development standards, adhering to the standards, and participating in code reviews
- Mentor, support, and manage team members
Qualifications
- Hands on with Python, Spark/Pyspark, or SCALA
- Solid understanding and hands on experience with Databricks and Spark, the core engine of Databricks, including its core concepts like RDDs, DataFrames, and Datasets
- Knowledge of SQL for querying and manipulating data, especially when working with structured data
- Expertise in data ingestion, transformation, and loading (ETL) processes, data modeling, and data warehousing
- Strong understanding of Azure cloud platform, including storage options (Azure Blob Storage, Azure Data Lake Storage Gen2), compute resources (Azure Databricks clusters), and security features
- Proficiency in using Azure’s core services like Virtual Machines, Virtual Networks, Storage Accounts, and Azure Active Directory
- Knowledge of database services like Azure SQL Database, Azure Cosmos DB, and Azure Database for PostgreSQL
- Understanding of DevOps principles and tools like Azure DevOps, GitHub Actions, and Jenkins
- Understanding of Delta Lake, a storage layer for big data, and its use cases for building reliable data pipelines
- Knowledge of SQL queries optimized for Databricks, including performance tuning techniques
- Skills in data visualization tools like Power BI or Tableau to create insightful reports and dashboards
- Experience with streaming data tools like Kafka, Flink or RabbitMQ
- Certification in Azure
Additional Information
Pay Range: $113,000 – $150,000
