Title: Cloud Security Analyst

Location: MUST be comfortable commuting 2x per week on-site in Herndon, VA

Duration: 1 year contract yearly extensions OR potential to convert direct-hire

Compensation: $55/hr to $80/hr.

Exact compensation may vary based on several factors, including skills, experience, and education.

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.

Required Skills and Experience *

- 8 years of Security Analyst experience

- 2 years working in a Cloud environment and FedRAMP protocols

- Expert in FIPS 199 process

- Expert with FISMA, risk management framework

- 4 years with POAM spreadsheets and understanding how to collect the information for a POAM

- 4 years with SSP's and understanding how they are written

- Experience using Telos Xacta or similar tool

- Knowledge of CSAM or EMASS

- 3 years of experience running security assessments

- Must be comfortable going onsite in Herndon 1-3x per week or as needed

Job Description *

This position is for our large software client. This person will join the Security Compliance Team who is supporting the FedRAMP and FISMA authorization of new Cloud Products and 3rd Party Applications into their various cloud environments. This team supports their commercial, corporate, and government environments.

The Security Analyst will be responsible for maintenance of the security documentation for the various environments; which may include development of the metrics / trends, input of security documentation into Xacta, assisting with the FedRAMP or FISMA authorization processes to include prep of the operations team, and documentation summary and update as required. This role serves as a mid level security analyst who assists with the security documentation and can provide thoughtful recommendations on processes and procedures, as well as implementation of security controls. This role must communicate between security, engineering, development and operations teams as required, and be able to interpret and document the results of data gathering. Key deliverables for success will be a monthly maintenance of various POAM, security documentation in Xacta is current and useful, processes and procedures are current and up to date, and assists with assurance that all FedRAMP / FISMA security controls are successfully implemented and associated security documentation is developed and implemented.

On a day to day this person will be required to:

- Gather information and implementation of the security controls through interfacing with the security engineering, operations and build teams

- Develop security documentation such as, but not limited to, System Security Plans (SSP), security plans, procedures, and processes

- Maintain, via review and update, of all security documentation

- Understand the intent of the FedRAMP security controls, FISMA security controls and communicate as needed

- Assist with the FedRAMP or FISMA authorization to include, but not limited to, prep of operations team through training and mock interviews, update documentation as required, and support FedRAMP PMO/ Agency / CISO requests