Cloud Security & Authorization Technical Analyst

About The Position

Requirements

• Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse.
• Minimum of TWO (2) years experience securing and engineering cloud platforms in federal or regulated environments.
• Demonstrated expertise implementing and validating cloud security controls aligned to NIST RMF and FedRAMP.
• Hands on experience reviewing or performing independent assessments, IV&V, or third party security assessments.
• Deep understanding of shared responsibility models, control inheritance, and cloud risk management.
• Experience developing and reviewing RMF documentation and SARs.
• Ability to translate complex cloud engineering concepts into clear risk and compliance narratives.
• Strong collaboration skills across engineering, security, compliance, and government teams.

Nice To Haves

• Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY and maintain an active HHS/NIH clearance are preferred.
• Experience with AWS, Azure, or GCP cloud security architectures in FedRAMP authorized environments.
• Prior experience supporting or acting as a 3PAO, IV&V team member, or independent assessor.
• CISSP, CCSP, AWS/Azure Security Specialty, or similar certification.
• Experience assessing CI/CD pipelines, IaC, containerized environments, or Zero Trust architectures.
• Experience supporting high impact or financial systems within federal agencies.
• Familiarity with ServiceNow, eCase, or automated GRC platforms.

Responsibilities

• Provide technical cloud security leadership for Assessment & Authorization (A&A) activities across IaaS, PaaS, and SaaS cloud environments aligned to NIST RMF and FedRAMP.
• Perform detailed technical reviews of cloud architectures, configurations, and security control implementations to validate compliance with NIST SP 800 53 and agency security requirements.
• Support and execute independent assessment or IV&V activities, including readiness reviews, control validation, and Security Assessment Report (SAR) development.
• Analyze Cloud Service Provider (CSP) FedRAMP packages (P ATO) and advise on agency specific control inheritance, shared responsibility models, and residual risk.
• Develop and review RMF artifacts including SSPs, control implementation matrices, SARs, POA&Ms, risk acceptance documentation, contingency plans, BIAs, PIAs, and ISAs.
• Conduct interviews and technical walkthroughs with system engineers, ISSOs, CSPs, and service providers to validate control implementation effectiveness.
• Support third party assessment (3PAO) coordination and provide technical quality assurance of assessment deliverables.
• Advise stakeholders on secure cloud design, compensating controls, and remediation strategies to address identified risks.
• Support IT audit and IV&V activities related to cloud security controls, evidence validation, and findings remediation.
• Contribute to cloud security standards, SOPs, and reusable authorization patterns to improve efficiency and consistency.

Benefits

• Medical, Rx, Dental & Vision Insurance
• Personal and Family Sick Time & Company Paid Holidays
• Parental Leave and Adoption Assistance
• 401(k) Retirement Plan
• Basic Life & Supplemental Life
• Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
• Short-Term & Long-Term Disability
• Student Loan PayDown
• Tuition Reimbursement, Personal Development & Learning Opportunities
• Skills Development & Certifications
• Employee Referral Program
• Corporate Sponsored Events & Community Outreach
• Emergency Back-Up Childcare Program
• Mobility Stipend