Full-Time, Direct Hire Position with Full Benefits and Matching 401(k) Plan
Work Location: Columbia, MD (Optional Remote)
Minimum Clearance Required: Clearable / Public Trust
The Cloud Security Assessor supports the FedRAMP consulting and assessment program for customer organizations. As part of COACT’s FedRAMP Third Party Assessment Organization (3PAO), the Cloud Security Assessor provides support throughout the various stages of assessment and security consulting projects to provide information assurance solutions to Cloud Service Providers and Agencies. This individual supports the preparation of assessment and authorization packages in accordance with FedRAMP. The Cloud Security Assessor works closely with system stakeholders to document system information, consult on architecture and security topics, and ensure that security controls are implemented appropriately and operating as intended.
- Coordinate with the customer regarding status of FedRAMP consulting and assessment projects.
- Execute consulting and assessment activities in accordance with an established quality system.
- Perform vulnerability scanning using government or commercial-off-the-shelf tools.
- Develop deliverables associated with a FedRAMP security authorization package including, but not limited to: System Security Plan, Information System Contingency Plan, Security Assessment Plan, Security Assessment Report.
- Gather and organize technical information about missions, goals, and requirements.
- Perform project tasks involving the integration of tools or methodologies to resolve organizational and system security problems.
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan with recommendations for inclusion in the risk mitigation strategy.
- Plan and conduct security authorization reviews.
- Ensure that security design and cybersecurity development activities are properly documented and regularly updated.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments.
- Bachelor’s degree in Cyber Security, Computer Science, or related discipline.
- 5-10 years of relevant industry experience in performing tasks associated with the Risk Management Framework.
- Minimum 5 years of experience with performing risk analyses, executing Risk Management Framework, and developing security assessment reports, including Federal Risk and Authorization Management Program (FedRAMP) and the Federal Information Security Management Act (FISMA).
- Minimum 5 years of experience with performing FedRAMP security control testing activities or FISMA ATO support for cloud applications and data centers.
- A thorough understanding of NIST 800-53 Rev 4 and 5 security controls, including the AC, IA, SC, CM, CP, IR, SA, and SI control families.
- Independently spearhead assessment workshops and develop specific test case procedures by thoroughly mapping client control implementations to industry technology in order to validate 800-53 control implementations.
- Follow COACT’s quality system procedures for proper artifact collection and validation.
- Understand client technology in order to interpret firewall configurations, boundaries, and information flow diagrams.
- Familiarity with FedRAMP requirements and NIST guidance.
- Highly knowledgeable of cloud architectures and operations.
- Experience using security tools, such as Nessus, WebInspect, AppDetective, and others.
- Must have strong written, verbal, and presentation communication skills.
- Currently have, or able to obtain, a Public Trust Clearance.
- Must have CISSP certification at a minimum.
Preferred Qualifications (Not all of these are mandatory but are considered a plus):
- Experience performing FedRAMP assessments.
- Baltimore Cyber Range (BCR) Certificate.
- Experience engineering cloud systems.
- Experience with cloud system administration (e.g., database, system, network).
COACT offers a competitive full benefits package including:
- Medical, dental, vision, and life insurance
- 10 federal holidays and three earned leave
- 401(k) with company matching
- Tuition Assistance
- Industry certification reimbursement (CAP, CISSP, CISA, etc.)
To apply for this job email your details to firstname.lastname@example.org