You’ll facilitate Security Control Assessments (SCAs) and possibly other advanced-level Continuous Monitoring Activities within cloud-based environments. To succeed in this position, you’ll need a strong understanding of security-related system controls and an understanding of the various testing methods utilized to ascertain the effectiveness of those controls.

In this role you will lead FedRAMP assessments:

• Create, modify, and review documentation supporting 3PAO activity customers (RET, SAP, SAR w/ tables, RAR, writing and reviewing Assessment Test Procedures (ATP), Assessing
  Impact Levels (IL) and function as a Project Lead
• Develop Security Authorization Packages that are compliant with FedRAMP and DoD requirements
  
• Provide RMF guidance at the SME level for steps 0-6
• Conduct 3PAO activities for customers and stakeholders
• Act as a Team Lead for 3PAO client engagements
  
• Execute, examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4
• Validate respective information system security plans to ensure NIST control requirements are met
• Develop SCA documentation, including but not limited to the Security Assessment Plan and Security Assessment Report
• Author recommendations associated with your findings on how to improve the customer’s security posture in accordance with NIST controls

• Bachelor’s degree (four-year college or university) or equivalent combination of education and experience
• An active Secret Clearance
• Three (3) years of FedRAMP experience and six to eight (6-8) years of experience in the IT industry, with strong familiarity with the applicable NIST Special Publications 800-37 Revision 1, 800-53 and 800-53A Revision 4
• A solid understanding of the FedRAMP Framework
• Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
• A solid understanding of IT security technologies including network and application security, firewalls, access management, and data protection
• Ability to lead small, less complex system assessments independently
• Ability to assist team members with proper artifact collection and detail to clients’ examples of artifacts that will satisfy assessment requirements
• CISSP required and one additional FedRAMP certification required to include: CASP, GCED, GCIH, GSLC, CISA, CISM, CFR, or CCISO

• PMP
• Registered with the FedRAMP PMO

• 
  Health, dental, and vision insurance with an employer contribution
• Flexible paid time off (employees are encouraged to spend four weeks away from the office each year)
• A generous 401(k) plan
• A corporate wellness program
• Tuition reimbursement