FedRAMP Senior Cyber Engineer with Security Clearance - Herndon Virginia

Company: Noblis
Location: Herndon, Virginia
Posted On: 05/02/2024

Responsibilities

*** This position is for future upcoming work ***

Are you a Cloud Computing and Cyber Security professional? Are you looking to make an impact across the entire federal government? Do you have NIST Risk Management Framework (RMF) knowledge and experience? Do you love researching new technologies and capabilities? Are you self-driven and detail oriented with excellent written and verbal skills? Then this job is for you. Come be a part of a rapidly growing team of highly skilled FedRAMP cyber security SMEs and help redefine the FedRAMP process.

FedRAMP Cyber Security Engineers are FISMA, NIST RMF and FedRAMP subject matter experts. We review security packages to evaluate compliance with FedRAMP security requirements and ensure package deliverables clearly and accurately represent the security and risk posture of the cloud service offering. FedRAMP Cyber Security Engineers review the system architecture, authorization boundary, data flows, security controls, and the results of an independent security assessment to determine suitability for government-wide use. Cyber Security Engineers work with the FedRAMP team to advise on new and emerging technologies with an emphasis on security impact. We are seeking qualified individuals to be FedRAMP SMEs and develop government-wide guidance.

Key Responsibilities:

- Perform compliance reviews of cloud service offering (CSO) system security plans (SSPs) to ensure the security posture is sufficient for multi-agency USG use
- Provide risk-based guidance to cloud service providers (CSPs) to address areas found to be non-compliant
- This position focuses on the architecture portion of the SSP, and requires the successful candidate to:
  - Interpret multiple graphic representations of a CSO detailing aspects such as the boundary, encryption status, and subnet architecture
  - Compare implementation stated in SSP to other documents in the overall compliance package such as an auditor's security assessment report (SAR), on an as needed basis
  - Clearly document review findings with guidance to CSPs for remediation in a templated report
  - Work hand-in-glove with a team of SMEs that are performing the same level of review on other portions of the compliance package
- Operate in a high-visibility environment where your judgement will:
  - Have significant impact on cybersecurity for the USG
  - Be scrutinized in detail, first by your colleagues within the program, and then by external stakeholders
  - Be completely supported by the program when finalized
- Organizationally, day-to-day activities require:
  - Maintaining focus on the highest priority package at hand
  - Rapidly shifting focus to support stakeholder review meetings to present your findings
  - Daily reporting of package status to coordinate multiple teams reviewing multiple packages
  - Contributing to, and following, detailed standard operating procedures to ensure:
    - Firm, fair, and consistent reviews from one package to the next
    - Secure handling of sensitive and proprietary vendor data
    - Coordination of document revision control with your team members
- Exceptional candidates will have experience in several of the following areas of compliance focus:
  - FIPS 140 validated encryption addressing data at rest, data in transit, and MFA authenticators
  - Human-to-machine authentication based on NIST SP 800-63-3
  - Familiarity with service offerings from hyperscale IaaS/PaaS vendors such as AWS, Azure, Google, IBM, and Oracle such as:
    - How a vendor implements TCP/IP constructs within their respective software defined networking (SDN) architectures
    - Which NIST SP 800-53 controls are deployed for customers by default, versus requiring customer configuration, or entirely a customer responsibility
  - Aspects of DNS including DNSSEC, typical configurations for DDoS protection, DNS over TLS (DoT), and DNS over HTTPS (DoH)
  - Domain-based Message Authentication, Reporting & Conformance (DMARC) for email
- Research evolving Federal policy and guidance for application to FedRAMP initiatives and cloud service reviews
- Develop policy/guidance for new/emerging technologies

Required Qualifications

- Bachelors degree in technology related field with 8+ years of experience reviewing or developing IT security and compliance documentation (NIST or FedRAMP). Or Masters + 6 years of experience. Work experience can be substituted with commensurate experience
- Experience performing risk assessments and analyzing risk
- Understanding of government cryptography requirements
- Strong understanding of cloud architecture, various cloud technologies, and security concepts
- Strong understanding of networking principles and security best practices
- Strong analytical and writing skills
- Strong technical research skills
- Strong communication skills and ability to explain complex technical concepts to non-technical stakeholders
- Excellent teamwork, organizational, communication, and collaboration skills
- US citizen and eligible for public trust

Desired Qualifications

- At least four (4) years of experience in the IT Security frameworks (FedRAMP, NIST, DoD CMMC, etc.)
- Application development
- Security testing and penetration testing experience
- Vulnerability management experience
- API development and security practices
- Experience developing enterprise security policies and procedures
- OSCAL experience
- CISSP, CISA, CISM or similar certifications
- Experience with operating system or network security management
- Experience managing incident response and after-action remediation
- Post graduate degree in computer science, cybersecurity or information systems

Overview

Noblis and our wholly owned subsidiaries, Noblis ESI and Noblis MSD, tackle the nation's toughest problems and apply advanced solutions to our clients' most critical missions. We bring the best of scientific thought, management, and engineering expertise together in an environment of independence and objectivity to deliver enduring impact on federal missions. Noblis works with a wide range of government clients in the defense, intelligence and federal civil sectors. Learn more at Noblis - About Us.

Why work at a Noblis company?

Our employees find greater meaning in their work and balance the other things in life that matter to them. Our people are our greatest asset. They are exceptionally skilled, knowledgeable, team-oriented, and mission-driven individuals who want to do work that matters and benefits the public. Noblis has won numerous workplace awards. Noblis maintains a drug-free workplace.

Salary Range Explanation

At Noblis we recognize and reward your contributions, provide you with growth opportunities, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, and work-life programs. Our award programs acknowledge employees for exceptional performance and superior demonstration of our service standards. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in our benefit programs. Other offerings may be provided for employees not within this category. We encourage you to learn more about our total benefits by visiting the Benefits page on our Careers site.

Salary at Noblis is determined by various factors, including but not limited to, the combination of education, certifications, knowledge, skills, competencies, and experience, internal and external equity, location, and clearance level, as well as contract-specific affordability and organizational requirements and applicable employment laws. The projected compensation range for this position is provided within the posting and is based on full time status. Part time staff receive a prorated salary based on regularly scheduled hours. The estimated minimum and maximum displayed represents the broadest range for this position (inclusive of high geographic and high clearance requirements), and is just one component of Noblis' total compensation package for employees.

Posted Salary Range: USD $120,100.00 - USD $210,200.00 /Yr

Equal Employment Opportunity

Noblis is an Equal Opportunity Employer. Employment decisions are made without regard to race (as well as because of or on the basis of traits historically associated with race, including hair texture, hair type, and protective hairstyles such as braids, locks, and twists), color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, pregnancy, childbirth, lactation and related medical conditions, genetic factors, military/veteran status, or other characteristics protected by law. Noblis is committed to the full inclusion of all qualified individuals. As part of this commitment, Noblis will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact .

Copyright 2024 LocalJobBoard.com. All Rights Reserved.
