Fedramp Architect Jobs

- Follow the FedRAMP documentation requirements and templates to ensure consistency and compliance with program guidelines.

- Document the results of the system's risk assessment, including identified risks, associated vulnerabilities, and recommended mitigations.

- Clearly articulate the system's risk posture and how the organization addresses and manages identified risks.

- Maintain accurate and up-to-date records of system monitoring activities, including security incidents, vulnerabilities, and remediation efforts.

- Strong understanding of FedRAMP requirements and documentation guidelines.

- Proven experience in developing system documentation and ensuring compliance with security standards and regulations.

Reviews hardware/software asset inventory and ensure completion and advise system owner (SO) and management regarding gaps.

Additional Requirement: must have FEDRAMP experience with cloud-based systems.

Reviews threat and vulnerability assessment findings to quantify and prioritize vulnerabilities in a system.

The ISSO Support Specialist for this contract performs the following duties:

Facilitates remediation/mitigation of the POA&Ms to reduce risk and address weaknesses to the system.

Provides Continuous Monitoring support/guidance by reviewing security documentation, logs, scans and ensuring system backups are performed.

Excellent time management, organizational, and verbal and written communication skills

1+ years of experience in performing FedRAMP assessments and familiarity with the NIST risk management framework and cloud computing technologies

Education, Work Experience and Certifications

Developing an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s)

Working knowledge of Schellman’s services, methodology, and relevant professional standards

Requisite knowledge of applicable technology and security domains

Strong understanding of logging and data management best practices and strong experience in any logging and/or SIEM platform

Experience with with security automation and data management tools (XSOAR, Phantom, Snowflake, etc)

Prior experience working in environments with NIST 800-53, NIST 800-171 controls or FedRAMP requirements

Manage a scalable and highly available solution for security logging and drive efforts of logging onboarding for increased security visibility

Bachelor degree in Computer Science or related field or equivalent experience

6+ years experience in security engineering, building and managing security solutions across the stack (on-prem and cloud)

Execute Security impact Analysis reviews for all FedRAMP changes coming in to the change management process

Subject matter expertise in CI/CD, Cloud APIs and Identity management

Support incident responders in analyzing applicable threats, vulnerabilities, controls and residual risks inside and out of the FedRAMP boundary

6+ years’ experience in cloud security, with experience across AWS, GCP and/or Azure infrastructure design

2+ years experience in VMWare and/or Network security modeling

4+ years experience in a FedRAMP program as an architect or engineer