Cloud Analyst(Sign-On Bonus!!)

ASRC Federal Broadleaf Division is seeking a FEDRAMP Cloud Cybersecurity Analyst to support the Defense Counterintelligence and Security Agency (DCSA) at Quantico. This role is crucial for maintaining the IT infrastructure, applications, and any new development projects in the cloud. The successful candidate will engage in technical analysis, research, evaluation, and the establishment of technical guidelines to provide the necessary support for cloud cybersecurity initiatives. The workload will fluctuate based on the number of active developments, including those related to the Federal Risk and Authorization Management Program (FedRAMP) and Risk Management Framework (RMF) governance tier levels, as well as other technical evaluations mandated by DCSA. The Cybersecurity Analyst will be responsible for prior support of FedRAMP activities for cloud-hosted systems, including the preparation of eMASS packages such as Readiness Assessment Reports (RAR), System Security Plans (SSP), and Plans of Actions & Milestones (POA&M). The role involves reviewing, auditing, and validating compliance of DCSA systems with the Secure Cloud Computing Architecture (SCCA) to ensure that cloud systems are properly connected to the Boundary CAP (BCAP) and Virtual Datacenter Security Stack (VDSS) in accordance with the cloud Security Requirements Guide (SRG). Additionally, the analyst will perform periodic cybersecurity control assessments of IT cloud systems, identify potential risks and gaps, and recommend and implement cloud security improvements based on industry standards and best practices. The position also entails conducting Cyber Security Impact Assessments and Risk Assessments for both new and existing cloud systems, determining their security posture and viability for organizational use, and making recommendations for cloud security architectures and controls. The analyst will support the internal Information Security Continuous Monitoring Program for authorization to operate and ongoing authorization approvals for cloud-based IT systems. Experience working with Third Party Assessment Organizations (3PAO) and participation with the DISA Cloud Joint Verification Team (JVT) is also required. The role includes assisting Product Managers (PMs) and/or the Program Management Office (PMO) with cybersecurity audits and assessments of cloud systems, including programmatic reviews and management of corrective action plans. The candidate will participate in reviews of Information System Agreements (ISA) and Memoranda of Agreement (MOA), and work with solution engineers to identify best practices and methods required by the FedRAMP PMO to configure and operate within the NIST SP 800 series of controls. Furthermore, the analyst will assist with non-cloud systems authorization efforts utilizing the Risk Management Framework (RMF) and demonstrate experience with research and analysis of Commercial-Off-The-Shelf (COTS) and Government-Off-The-Shelf (GOTS) products, ensuring compliance with National Security Telecommunications and Information Systems Security Policy Number 11 (NSTISSP-11) and validation via the NIAP Common Criteria Evaluation and Validation Scheme or NIST Federal Information Processing Standards (FIPS) Cryptographic Module Validation Program (CMVP).