Arctic Slope Regional Corporation - Quantico, VA
posted 22 days ago
ASRC Federal Broadleaf Division is hiring a FEDRAMP Cloud Cybersecurity Analyst in support of DCSA at Quantico. This position is approved for a hybrid work schedule (1-2 days per week on-site). DCSA requires Cybersecurity Cloud support to maintain IT infrastructure, applications, and any new development projects in the cloud. As such, technical analysis, research, evaluation, and technical guidelines shall be performed to accomplish the needed support. The workload for the Cybersecurity Analyst will vary depending on the number of active developments including Federal Risk and Authorization Management Program (FedRAMP) and Risk Management Framework (RMF) governance tier level as well as other technical evaluations required by DCSA. The Cybersecurity Analyst will be responsible for prior support of FedRAMP activities for cloud hosted systems such as eMASS Package (ex: Readiness Assessment Report (RAR), System Security Plan (SSP), Plan of actions & Milestones (POA&M), etc.). The role includes reviewing, auditing, and validating compliance of DCSA systems Secure Cloud Computing Architecture (SCCA) to ensure cloud systems connections to the Boundary CAP (BCAP) and Virtual Datacenter Security Stack (VDSS) are implemented in accordance with the cloud Security Requirements Guide (SRG). Additionally, the analyst will perform periodic cyber security control assessments of IT cloud systems, identify potential risks and gaps, and make recommendations and implement cloud security improvements based on industry standards and best practices. The position also involves performing Cyber Security Impact Assessments and Risk Assessments for new and existing cloud systems, determining security posture and viability for organizational use, and making recommendations for cloud security architectures and controls. The analyst will provide support for the internal Information Security Continuous Monitoring Program for authorization to operate and ongoing authorization approvals for cloud-based IT systems. Experience working with Third Party Assessment Organizations (3PAO) and participation with the DISA Cloud Joint Verification Team (JVT) Team is also required. The analyst will assist the Product Managers (PMs) and/or Program Management Office (PMO) with cyber security audits and assessments of cloud systems including programmatic reviews and management of corrective action plans. The role requires participation in reviews of Information System Agreement (ISA) / Memorandum of Agreement (MOA), Whitelisting, etc., and working with solution engineers to identify best practices and methods required by the FedRAMP PMO to configure and operate within the NIST SP 800 series of controls. The analyst will also assist with non-cloud systems authorization efforts utilizing the Risk Management Framework (RMF). Demonstrated experience with research and analysis of Commercial-Off-The-Shelf (COTS) and Government-Off-The-Shelf (GOTS) and IA-enabled products as part of the security architecture is essential, ensuring products are National Security Telecommunications and Information Systems Security Policy Number 11 (NSTISSP-11) compliant and validated via the NIAP Common Criteria Evaluation and Validation Scheme or NIST Federal Information Processing Standards (FIPS) Cryptographic Module Validation Program (CMVP).