Senior Cloud Technical Assessor, FedRAMP

SecureIT

Reston, VA
Full Time
Paid
  • Responsibilities

    SecureIT is seeking a Senior Cloud Technical Assessor to join our FedRAMP team. You will be part of a team that works closely with clients to enhance their security posture to ensure compliance with the latest FedRAMP cloud security requirements. This role requires an expert understanding of FedRAMP requirements, to include technical and non-technical security-related controls (NIST 800-53, Rev 5) and the testing methods utilized to validate the implementation and effectiveness of these controls. You will have the opportunity to work alongside industry experts, tackling complex challenges to educate, guide and protect our clients. To succeed in this role, you bring strong technical competencies to the table and can translate technical information to non-technical audiences. You are naturally curious and stay on top of emerging cybersecurity trends and threats. You are a clear thinker, thrive in working across teams, and are an expert in dealing with ambiguity. You believe that a core component of security’s role is to enable the business, not just to secure it. You thrive in working in a variety of technical environments, enjoy opportunities for client engagement, and have a bias for action to bring added value to our clients.

    What you’ll do…

    • Serve as a technical lead on FedRAMP assessments
    • Verify the system boundary and determine how the FedRAMP r5 controls apply to the components within that boundary
    • Lead probing interviews with customers to discover how controls are implemented and identify potential concerns with compliance
    • Identify the artifacts and evidence that are needed for technical security controls, test the effectiveness of controls, and document results in the FedRAMP Security Requirements Traceability Matrix (SRTM) workbook
    • Provide Quality Assurance support to ensure that sufficient testing has been performed and that relevant issues have been identified and properly rated as findings
    • Validate and fine-tune the assessment findings, risks, and recommendations captured in the assessment Risk Exposure Table (RET)
    • Interface with clients throughout the entire engagement to address questions/comments related to assessment findings and/or client issues
    • Mentor team members by providing technical guidance, advice, and direction
    • Provide leadership in developing and enhancing the FedRAMP assessment team’s technical control testing approach and toolset (such as scripts)
    • Maintain strong depth of knowledge regarding NIST 800-53 Rev 5 and FedRAMP requirements, industry cloud security best practices and tools, and hyperscale cloud provider service offerings

    What you’ll bring to the table:

    • 7+ years of progressive experience in technical security assessment within a professional services capacity, including 2+ years of experience with FedRAMP
    • Excellent oral and written communication skills on deep technical subject matter and higher-level general security and risk management-related concepts
    • Bachelor’s degree in Computer Science, Information Systems, Cybersecurity or a related discipline or 3-4 years of equivalent experience
    • Current knowledge of and experience with FedRAMP (Rev 5) requirements and strong knowledge of NIST 800-53 control families
    • Strong analytical skills
    • Extensive understanding of cloud computing technologies and cloud security best practices, including wide-ranging knowledge of at least one or two hyperscale cloud providers
    • In-depth knowledge and experience assessing (or advising on) cloud architecture, configurations, and technical cyber/compliance requirements and best practices
    • Industry recognized professional certification—min. CISSP and one other. The additional certification should be from the following list:
    • CompTIA Advanced Security Practitioner (CASP+) Continuing Education (CE)
    • GIAC Certified Enterprise Defender (GCED)
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Security Leadership (GSLC)
    • Certified Information Systems Auditor (CISA)
    • Certified Information Security Manager (CISM)
    • Certified Cloud Security Professional (CCSP)
    • CISSP-Information Systems Security Architecture Professional (CISSP-ISSAP)
    • CISSP-Information Systems Security Engineering Professional (CISSP-ISSEP)
    • CISSP-Information Systems Security Management Professional (CISSP-ISSMP)
    • CyberSec First Responder (CFR)
    • Certified Chief Information Security Officer (CCISO)

    Preferred Qualifications:

    • Lead teams throughout client interviews and assessment of controls for assigned FedRAMP engagements
    • Manage project tasks and hours to ensure utilization targets are achieved and assessments are being effectively executed
    • Provide technical guidance to the team during the development of interview questions to ensure requested evidence/artifacts are specific to assigned controls
    • Successful completion of the Baltimore Cyber Range (BCR) program

    Other Professional Certifications:

    • Cisco Certified Network Associate Security (CCNA Security)
    • Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)
    • Cybersecurity Analyst (CySA+)
    • GIAC Systems and Network Auditor (GSNA)
    • GIAC Certified Intrusion Analyst (GCIA)
    • Certified Secure Software Lifecycle Professional (CSSLP)
    • Certified Information Systems Security Officer (CISSO)
    • CompTIA Cloud+ (Cloud+)
    • Global Industrial Cyber Security Professional (GICSP)
    • Securing Cisco® Networks with Threat Detection Analysis (SCYBER)

    About us...

    SecureIT provides full-spectrum cybersecurity and IT risk services to commercial organizations, government contractors, and the Federal Government and is known for being committed to quality and strong client relationships. Our company is made up of dedicated, smart, fun individuals, and we’re always looking for more to join the team. We’re a small organization, but we do big things that successfully impact the portfolio of commercial and federal clients that we serve. The experiences and skills that you bring to the table, and the new ones that you will acquire as part of our team, will be invaluable as we continue to grow our business through a diverse array of projects. We are firmly committed to our employees and foster an environment of continuous learning, professional growth, and collaboration. SecureIT offers an exciting and rewarding career path with an excellent benefits package.

    Reach out today if you’re ready to join our impactful team!