Senior ISSE OR ISSE (FedRAMP/Cloud/RMF)
- Conducting vulnerability scans, system assessments, risk analysis, and technical recommendations to validate compliance.
- Conducting verification and validation for security information systems, products, and components.
- Analyzing design specifications, design documentation, configuration practices and procedures, and operational practices and procedures.
- Identifying non-compliance with security requirements and proposing possible mitigations for requirements that are not in compliance.
- Verifying and validating that the system meets its security requirements.
- Assisting in determining the type of cloud solution for information systems, i.e., IaaS, PaaS, or SaaS.
- Reviewing the completeness and accuracy of DISA Provisional Authorizations (DISA PA).
- Current SECRET clearance.
- Knowledgeable of CNSSI No. 1253, Security Categorization and Control Selection
- Minimum of 5 years of Risk Management Framework (RMF) experience
- Knowledgeable of NIST SP 800 Series, FIPS Pubs 199/200, POA&M, DoDI 8500/8510.01, FISMA, A&A, SSP, Risk Assessment, Privacy Security Controls, CNSSI 1253
- Experience with Security Content Automation Protocol (SCAP) Compliance Checker
- Experience in identifying and assessing risks, identifying mitigation strategies and impact levels, and developing risk management framework recommendations based on the organization's mission/business.
- Experience with implementing and assessing RMF privacy security controls on networks storing, transmitting, or processing Personally Identifiable Information (PII).
- Experience in performing Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation.
- Experience with Certification and Accreditation activities, in particular, experience in the area of moving accreditation packages through the RMF process to Authority To Operate (ATO).
- Experience working in the FedRAMP cloud environment, with an understanding of IaaS, PaaS, and SaaS as they relate to cloud service provider security control responsibilities versus customer responsibilities. Vulnerability and risk assessment, analysis, and reporting for a Federal Risk and Authorization Management Program (FedRAMP) ATO. Ability to clearly differentiate between a FedRAMP ATO and an Agency ATO, and to explain the process by which a system is accredited from a FedRAMP standpoint.
- Knowledgeable of the Federal Information Security Modernization Act (FISMA)
- Knowledgeable of Information Assurance Vulnerability Alerts (IAVAs) and Bulletins (IAVBs), the Information Assurance Vulnerability Management (IAVM) program, and Security Technical Implementation Guides (STIGs)
BS and 5-12 years of experience (Sr ISSE or ISSE)
CISSP preferred / Security+ (minimum)
Apply here or send your resume directly to firstname.lastname@example.org