This is primarily a Telework position with a requirement to be onsite at least one (1) day a week in Hanover MD.

As a FedRAMP Cloud Security Analyst you will play a crucial role in ensuring the security and compliance of the programs under the DCSA Program Executive Office (PEO). You will be responsible for managing the Federal Risk and Authorization Management Program (FedRAMP) support for Amazon Web Services (AWS) based cloud systems.

BASIC QUALIFICATIONS

Candidates should demonstrate a detailed knowledge the following:

• Prior support of FedRAMP activities for cloud hosted systems such as eMASS Package (ex: Readiness Assessment Report (RAR), System Security Plan (SSP), Plan of actions & Milestones (POA&M), etc.)

• Review, Audit, and validate compliance of DCSA systems Secure Cloud Computing Architecture (SCCA) to ensure cloud systems connections to the Boundary CAP (BCAP) and Virtual Datacenter Security Stack (VDSS) are implemented in accordance with the cloud Security Requirements Guide (SRG) including support for the internal implementation of the Visual Data Management System (VDMS) solutions internally.

• Perform periodic cyber security control assessments of IT cloud systems, identify potential risks and gaps, and make recommendations and implement cloud security improvements based on industry standards and best practices.

• Perform Cyber Security Impact Assessments and Risk Assessments for new and existing cloud systems, determine security posture and viability for organizational use, and make recommendations for cloud security architectures and controls.

• Provide support for the internal Information Security Continuous Monitoring Program for authorization to operate and ongoing authorization approvals for cloud-based IT systems.

• Experience working with Third Party Assessment Organizations (3PAO)

• Participation with the DISA Cloud Joint Verification Team (JVT) Team

• Assist the Product Managers (PMs) and/or Program Management Office (PMO) with cyber security audits and assessments of cloud systems including programmatic reviews and management of corrective action plans.

• Participated in reviews of Information System Agreement (ISA) / Memorandum of Agreement (MOA), Whitelisting, etc.

• Worked with the solution engineers to identify best practices and methods required by the FedRAMP PMO to configure and operate within the NIST SP 800 series of controls.

• Assist with non-cloud systems authorization efforts utilizing the Risk Management Framework (RMF).

• Understanding and familiarity with cloud architectures (e.g. SaaS, PaaS, IaaS), common commercial cloud systems (e.g. AWS, Microsoft 365, etc.) as well as specific DOD cloud architecture BCAP, ICAP, SCCA, cloud security solutions (e.g. Cloud Access Security Broker, Multi-factor Authentication, Zero Trust Architecture).

#Broadleaf

Requirements :

YEARS EXPERIENCE:

At least two (2) years relevant Cloud Security experience.

EDUCATION REQUIREMENTS:

Bachelor’s Degree, or equivalent experience in Cybersecurity, and/or Information Systems Management, Information Technology.

CERTIFICAITON(S):

DoDM 8140/DoDM 8570.01-M IAM Level I requirements prior to onboarding e.g., CAP, CND, Cloud+, GSLC, Security+ CE, HCISPP or higher-level certification

Multiple cloud certifications preferred.

CLEARANCE LEVEL:

Active Secret Required and eligibility for TS

WORK ENVIRONMENT AND PHYSICAL DEMANDS:

This is primarily a Telework position with a requirement to be onsite at least one (1) day a week.

If alternate worksite is other than DCSA facilities or corporate office space, must have the reliable ability to communicate over voice (cell phone preferred) and stable, capable internet connection.

Must speak English well enough to communicate complex technical ideas to a diverse customer both verbally and in written form.

ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.