Cloud Service Provider Common Control Analyst

ECS Tech IncWashington, DC
10h$145,000 - $160,000

About The Position

ECS is seeking a Cloud Service Provider Common Control Analyst to support the Department of State (DOS), Bureau of Diplomatic Technology (DT). This role is part of the Common Control team, responsible for ensuring high-value and mission-critical systems comply with federal cybersecurity policies. The ideal candidate will serve as a Cloud Service Provider Common Control Analyst, executing the full range common control tasks spread throughout the Risk Management Framework (RMF).

Requirements

  • Ten (10+) years experience in the cybersecurity field.
  • Three (3+) years plus experience performing security control assessments in FedRAMP cloud environment.
  • Experience in planning assessments and be a senior member in a team of security control assessors 
  • Experience in presenting control requirements and deficiencies to both technical and non-technical audiences.
  • Experience performing detailed, full-scope technical security control testing for each of the component types, including development of security and privacy assessment plans is required.
  • Ability to analyze information system configurations and technical specifications against NIST SP 800-53 and other overlays 
  • Possesses a strong understanding of the NIST Special Publication 800-53 security and privacy controls, the NIST Cybersecurity Framework and other information security and privacy laws and regulations.
  • Experience with development and writing of risk-based documentation.
  • Experience with Step 4 of RMF process- Assessing Security Controls 
  • Strong written and verbal communication skills.
  • Strong communication ability across all levels of management.
  • Bachelor’s degree or higher in Computer Science’s, MIS/IT, Engineering, Information Security/IA, or related discipline to work requirement 
  • ACTIVE  Secret Clearance

Responsibilities

  • Review and update existing information security policy, standards, and procedures based on federal and departmental regulations.
  • Perform independent security and privacy control assessments in support of Security Assessment & Authorization (SA&A).
  • Conduct assessments of existing and new FISMA systems, including subsystems in the respective system boundary, and communicate the results and potential implications of identified control weaknesses.
  • Reviews and analyze, Assessment & Authorization (A&A) packages to include System Security Plans (SSP), Risk Assessments, Information System Contingency Plans (ISCP), Back-up Standard Operating Procedures (SOP), Incident Response Plans (IRP), Configuration Management Plans, (CMP), Hardware/Software lists, Network Diagrams, Data Flows, System Change Requests/Proposals, Vulnerability scan reports, test reports, and Plan of Actions & Milestones (POA&Ms) for completeness, accuracy, and document effectiveness of controls, plans and procedures implementation.
  • Create and maintain test cases for security assessment testing and perform security testing at the control-requirement level for each unique component of each system (e.g., application, web application server, financial systems, database server/instance, operating systems, specialized appliances, network and infrastructure devices, and end-user devices (e.g., mobile phones, laptops, etc.).
  • Develop and execute a security and privacy assessment plan in accordance with NIST SP 800-53A, as amended, requirements, for each security assessment project. SA&A activities shall include support for RMF steps 4-6 
  • Document and provide findings and recommendations that are concise, system-specific, and actionable.
  • Analyze security tool reports and determine residual risk or false positives from technical reports and artifacts before assigning findings.
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service