ASRC Federal Holding Company
FedRAMP Cloud Cybersecurity Analyst
ASRC Federal Holding Company, Quantico, Virginia, United States, 22134
FedRAMP Cloud Cybersecurity Analyst
Quantico, VA 22134, USA Req #506
Wednesday, December 11, 2024
ASRC Federal Broadleaf Division is actively hiring an ISSE in support of our DCSA program based out of Quantico VA.
This is primarily a Telework position with a requirement to be onsite at least two (2) days a week at Quantico Marine Corps Base VA.
DCSA requires Cybersecurity Cloud support to maintain IT infrastructure, applications, and any new development projects in the cloud. As such, technical analysis, research, evaluation, and technical guidelines shall be performed to accomplish the needed support. The workload for the Cybersecurity Analyst will vary depending on the number of active developments including Federal Risk and Authorization Management Program (FedRAMP) and Risk Management Framework (RMF) governance tier level as well as other technical evaluations required by DCSA.
JOB DESCRIPTION:
Prior support of FedRAMP activities for cloud hosted systems such as eMASS Package (ex: Readiness Assessment Report (RAR), System Security Plan (SSP), Plan of actions & Milestones (POA&M), etc.
Review, Audit, and validate compliance of DCSA systems Secure Cloud Computing Architecture (SCCA) to ensure cloud systems connections to the Boundary CAP (BCAP) and Virtual Datacenter Security Stack (VDSS) are implemented in accordance with the cloud Security Requirements Guide (SRG) including support for the internal implementation of the Visual Data Management System (VDMS) solutions internally.
Perform periodic cyber security control assessments of IT cloud systems, identify potential risks and gaps, and make recommendations and implement cloud security improvements based on industry standards and best practices.
Perform Cyber Security Impact Assessments and Risk Assessments for new and existing cloud systems, determine security posture and viability for organizational use, and make recommendations for cloud security architectures and controls.
Provide support for the internal Information Security Continuous Monitoring Program for authorization to operate and ongoing authorization approvals for cloud-based IT systems.
Experience working with Third Party Assessment Organizations (3PAO)
Participation with the DISA Cloud Joint Validation Team (JVT) Team
Assist the Product Managers (PMs) and/or Program Management Office (PMO) with cyber security audits and assessments of cloud systems including programmatic reviews and management of corrective action plans.
Participated in reviews of Information System Agreement (ISA) / Memorandum of Agreement (MOA), Whitelisting, etc.
Worked with the solution engineers to identify best practices and methods required by the FedRAMP PMO to configure and operate within the NIST SP 800 series of controls.
Assist with non-cloud systems authorization efforts utilizing the Risk Management Framework (RMF).
Demonstrated experience with research and analysis of Commercial-Off-The-Shelf (COTS) and Government-Off-The-Shelf (GOTS) and IA-enabled products as part of the security architecture and ensure products are National Security Telecommunications and Information Systems Security Policy Number 11 (NSTISSP-11) compliant and validated via the NIAP Common Criteria Evaluation and Validation Scheme or NIST Federal Information Processing Standards (FIPS) Cryptographic Module Validation Program (CMVP).
BASIC QUALIFICATIONS:
At least two (2) Years of Cloud Cybersecurity experience.
Be able to maintain TS/SCI clearance and access to require to DoD systems including NIPRNet, SIPRNet, and JWICS.
Knowledge of Federal/DoD IT and Cloud security policies, IT configuration tools, Network Security, and other applicable Cybersecurity Policies.
Understanding and familiarity with cloud architectures (e.g., SaaS, PaaS, IaaS), common commercial cloud systems (e.g., AWS, Microsoft 365, etc.) as well as specific DOD cloud architecture BCAP, ICAP, SCCA, cloud security solutions (e.g., Cloud Access Security Broker, Multi-factor Authentication, Zero Trust Architecture).
Understanding of DOD cyber security standards and methodologies including NIST 800-53 Cyber Security Controls, the FedRAMP, the DODI 8510.01 RMF, FISMA, and NIST 800-37 Risk Management.
Excellent communication (written and oral) and interpersonal skills.
EDUCATION REQUIREMENTS:
At least an Associates, bachelor’s degree, in Cybersecurity, and/or Information Systems Management
Bachelor’s Degree, in Cybersecurity, and/or Information Systems Management preferred
CERTIFICATION(s):
Required to have a cloud certification and DD8140/DoD8570.01-M IASAE level I or IAM level II or IAT level II at time of onboarding.
Multiple cloud certifications preferred.
CLEARANCE LEVEL:
Active Secret with the ability to obtain a TS/SCI Clearance
We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.
EEO Statement
ASRC Federal and its Subsidiaries are Equal Opportunity /Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
Other details
Job FamilyInformation Technology
Job Sub-FamilyCloud Computing
Pay TypeSalary
Telecommute %60
Job Start DateWednesday, December 11, 2024
Quantico, VA 22134, USA
Quantico, VA 22134, USA Req #506
Wednesday, December 11, 2024
ASRC Federal Broadleaf Division is actively hiring an ISSE in support of our DCSA program based out of Quantico VA.
This is primarily a Telework position with a requirement to be onsite at least two (2) days a week at Quantico Marine Corps Base VA.
DCSA requires Cybersecurity Cloud support to maintain IT infrastructure, applications, and any new development projects in the cloud. As such, technical analysis, research, evaluation, and technical guidelines shall be performed to accomplish the needed support. The workload for the Cybersecurity Analyst will vary depending on the number of active developments including Federal Risk and Authorization Management Program (FedRAMP) and Risk Management Framework (RMF) governance tier level as well as other technical evaluations required by DCSA.
JOB DESCRIPTION:
Prior support of FedRAMP activities for cloud hosted systems such as eMASS Package (ex: Readiness Assessment Report (RAR), System Security Plan (SSP), Plan of actions & Milestones (POA&M), etc.
Review, Audit, and validate compliance of DCSA systems Secure Cloud Computing Architecture (SCCA) to ensure cloud systems connections to the Boundary CAP (BCAP) and Virtual Datacenter Security Stack (VDSS) are implemented in accordance with the cloud Security Requirements Guide (SRG) including support for the internal implementation of the Visual Data Management System (VDMS) solutions internally.
Perform periodic cyber security control assessments of IT cloud systems, identify potential risks and gaps, and make recommendations and implement cloud security improvements based on industry standards and best practices.
Perform Cyber Security Impact Assessments and Risk Assessments for new and existing cloud systems, determine security posture and viability for organizational use, and make recommendations for cloud security architectures and controls.
Provide support for the internal Information Security Continuous Monitoring Program for authorization to operate and ongoing authorization approvals for cloud-based IT systems.
Experience working with Third Party Assessment Organizations (3PAO)
Participation with the DISA Cloud Joint Validation Team (JVT) Team
Assist the Product Managers (PMs) and/or Program Management Office (PMO) with cyber security audits and assessments of cloud systems including programmatic reviews and management of corrective action plans.
Participated in reviews of Information System Agreement (ISA) / Memorandum of Agreement (MOA), Whitelisting, etc.
Worked with the solution engineers to identify best practices and methods required by the FedRAMP PMO to configure and operate within the NIST SP 800 series of controls.
Assist with non-cloud systems authorization efforts utilizing the Risk Management Framework (RMF).
Demonstrated experience with research and analysis of Commercial-Off-The-Shelf (COTS) and Government-Off-The-Shelf (GOTS) and IA-enabled products as part of the security architecture and ensure products are National Security Telecommunications and Information Systems Security Policy Number 11 (NSTISSP-11) compliant and validated via the NIAP Common Criteria Evaluation and Validation Scheme or NIST Federal Information Processing Standards (FIPS) Cryptographic Module Validation Program (CMVP).
BASIC QUALIFICATIONS:
At least two (2) Years of Cloud Cybersecurity experience.
Be able to maintain TS/SCI clearance and access to require to DoD systems including NIPRNet, SIPRNet, and JWICS.
Knowledge of Federal/DoD IT and Cloud security policies, IT configuration tools, Network Security, and other applicable Cybersecurity Policies.
Understanding and familiarity with cloud architectures (e.g., SaaS, PaaS, IaaS), common commercial cloud systems (e.g., AWS, Microsoft 365, etc.) as well as specific DOD cloud architecture BCAP, ICAP, SCCA, cloud security solutions (e.g., Cloud Access Security Broker, Multi-factor Authentication, Zero Trust Architecture).
Understanding of DOD cyber security standards and methodologies including NIST 800-53 Cyber Security Controls, the FedRAMP, the DODI 8510.01 RMF, FISMA, and NIST 800-37 Risk Management.
Excellent communication (written and oral) and interpersonal skills.
EDUCATION REQUIREMENTS:
At least an Associates, bachelor’s degree, in Cybersecurity, and/or Information Systems Management
Bachelor’s Degree, in Cybersecurity, and/or Information Systems Management preferred
CERTIFICATION(s):
Required to have a cloud certification and DD8140/DoD8570.01-M IASAE level I or IAM level II or IAT level II at time of onboarding.
Multiple cloud certifications preferred.
CLEARANCE LEVEL:
Active Secret with the ability to obtain a TS/SCI Clearance
We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.
EEO Statement
ASRC Federal and its Subsidiaries are Equal Opportunity /Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
Other details
Job FamilyInformation Technology
Job Sub-FamilyCloud Computing
Pay TypeSalary
Telecommute %60
Job Start DateWednesday, December 11, 2024
Quantico, VA 22134, USA