
Posted: Wednesday, February 7, 2018 9:58 AM

Job Description
General Info:
Citizenship Required: US Citizenship
Clearance: Public Trust
Type of Business: Awarded and Funded (5 Year Support IDIQ Contract)
Site: Washington D.C. Metro Area (Rockville, MD)
Travel: 5 or Less

You will be working on a team tasked with providing cyber security support services for the Agency's software development lifecycle, including production support, governance, security, controls, and operations for its cloud environment.
Serve as the Subject Matter Expert (SME) for the Organization's Cloud, Mobility, and future emerging-technology environments, with in-depth knowledge of business risk management, security engineering, and regulatory compliance with FedRAMP, FISMA, and NIST.
Conduct a FedRAMP readiness study to provide the Agency with an assessment of its capability to achieve FedRAMP accreditation. This includes performing a current-state FedRAMP readiness review of the Agency's on-premises cloud capabilities and providing the Agency with a roadmap to become FedRAMP accredited. Responsibilities also include reviewing existing Agency security documentation, interviewing key personnel, and reviewing the technical control implementations of the existing cloud environments.
Collaborate with Third Party Assessment Organizations (3PAOs) to prepare application materials demonstrating that the organization meets both the technical competence requirements for security assessment of cloud systems and the management requirements for organizations performing inspections.
Review and assess the Security Assessment Plan (SAP), which should include a comprehensive set of procedures for assessing the effectiveness of the security controls employed in the cloud environment, enabling more consistent, comparable, and repeatable assessments of security controls tailored to cloud applications.
Develop Security Assessment Reports (SARs) that include all assessment results and the assigned mitigation strategy for each risk; analyze each finding to promote a better understanding of the risks to organizational operations, organizational assets, and individuals.
Develop NIST / FISMA / FedRAMP Security Assessment and Authorization (SA&A) documentation for systems and networks undergoing certification, and validate the quality of deliverables produced by the team.
Assess risks, identify mitigation requirements, and develop accreditation recommendations; track SA&A requirements for assigned systems within the Agency, validate that tasks are on schedule, and ensure the delivery of quality documentation.
Assist in the creation of SA&A packages, with responsibility for gathering information from system owners, applying that data to the appropriate templates, and attending meetings in support of the effort.
Assist in responding to requests for information from OMB Circular A-123, FISMA, GAO, and external auditors, following Agency procedures to gather and track information.
Develop and implement information assurance/security standards and procedures.
Coordinate, develop, and evaluate security programs for an organization; recommend information assurance/security solutions that support customers' requirements.
Actively participate in client discussions and meetings.
Education and Experience Required:
Experience conducting FedRAMP Readiness Assessments and reviewing ATO packages for FedRAMP cloud environments
Experience implementing NIST SP 800-53 Rev. 4 security controls in a FedRAMP cloud environment for the Federal Government
Experience with the cloud architecture requirements necessary to provide public, private, or hybrid cloud services
Experience designing security architecture solutions within Cloud Service Provider environments (e.g., AWS, Azure)
3+ years of working experience in a security-related field
CCSK, a SANS/GIAC or (ISC)² certification, or another relevant certification
Experience and competency with Trusted Agent FISMA (TAF), RSA Archer, or a similar GRC tool
Ability to work in a fast-paced, demanding environment


• Location: District Of Columbia