ECS

FedRAMP Validator & Sr. ISSO

ECS, Fairfax, VA, United States


ECS is seeking a FedRAMP Validator & Sr. ISSO to work in our Remote or National Capital Region office. Please Note: This position is contingent upon [additional funding].

FedRAMP Validator
  • Serve as a FedRAMP Validator as part of the DISA Joint Validation Team, in one or more FedRAMP Provisional Authority (PA) pursuits. Anticipate 1 to 2 FedRAMP PA pursuits, which will be approximately 20% of the time.
  • Collaborate with the DISA JVT Lead, Cloud Service Provider (CSP) and the Third-Party Assessment Organization (3PAO).
  • Validate 3PAO assessment and provide input for information exchange meetings.
  • Review CSP comments and responses with 3PAO for adjudication.
  • Work with the DISA JVT Lead to establish schedules and completion timelines.
  • Assess and validate the compliance of implemented controls.
  • Ensure compelling evidence mapped to applicable security controls.
  • Review documentation for completeness and structural thoroughness.
  • Review system architecture to develop an understanding of authorization boundaries and data flows.
  • Review trusted connections and remote access activities.
  • Provide documentation review comments to the JVT Lead in the Enterprise Mission Assurance Support Service (eMASS) system or via other media.
  • Meet weekly, or daily if needed, with the DISA JVT Lead, CSP and 3PAO.
Senior ISSO
  • Serve as a principal ISSO to one or more Boundary/System Owners and ISSMs on all matters (technical or otherwise) involving security. Anticipate 80% of the time will be dedicated to ISSO services.
  • Provide Risk Management Framework (RMF) support to assigned DMDC/DHRA Information Systems, ensuring that System/Product Owners maintain an appropriate operational cybersecurity posture.
  • Promote the DHRA/DMDC Risk Management Framework maturity.
  • Ensure control assurance for the given systems' Common and Inherited Controls and Reciprocity.
  • Ensure systems are operated, used, maintained, and disposed of in accordance with DMDC and DHRA security policies and practices.
  • Determine information security requirements by evaluating DHRA/DMDC business strategies and requirements, researching information security standards, conducting system security and vulnerability analyses and risk assessments, assessing industry architectures/platforms and their relative security benefits, and identifying architecture/platform integration issues that prevent the strongest possible security posture.
  • Monitor compliance and conduct partial or full Control Assessments for a given boundary, as requested.
  • Understand, review and provide guidance for any artifact, such as but not limited to Data Flow Diagrams, Network Diagrams, Internal/External connections, configuration logs, security and monitoring logs, etc.
  • STIGs: Use the assigned tool, such as eMASSTER, to generate STIG results and assigned actions for remediation.
  • POA&Ms: Develop and track compliance for new and existing POA&Ms for a given boundary's identified weaknesses or findings. Review POA&M status at the prescribed frequency, and engage staff members across the enterprise to ensure POA&M dates are met on time and are documented in eMASS.
  • Manage ServiceNow ticket queues for the cybersecurity Risk Management Branch and review/validate user access rights.
  • Create presentations and/or metrics as requested. Create weekly, monthly and in-progress review presentations, as needed. Create and/or maintain document

Salary Range: $150,000-$190,000

General Description of Benefits
  • Must be a US citizen per contract, possess a Secret Clearance, and be willing to acquire and maintain a DoD Top Secret clearance if requested.
  • Bachelor's degree in computer science, cybersecurity, information security, or similar discipline AND 5+ years of cybersecurity experience, in support of the DoD or other federal clients. Education/Experience substitution allowable.
  • Active DoD 8570 certification minimum compliance, including at least one of the following certifications in good standing: CASP+ CE, CISSP, Security+.
  • Firm understanding of the DISA FedRAMP Validator Process.
  • Firm understanding of the NIST Special Publications, DoD Risk Management Framework (RMF) processes and NIST 800-53 security controls.
  • 5+ years of experience as an ISSO, ISSM, SCA, or RMF Auditor.
  • Broad technical knowledge is required in order to review DISA Security Technical Implementation Guides (STIGs).
  • Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders.
  • Capacity to thrive in a complex, fast-paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions.
  • Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk.
  • Knowledge of DoD cybersecurity policies, practices, and requirements.
  • Excellent written and verbal skills are required.