FedRAMP Engineer

About The Position

Requirements

• Five (5) years of experience in the IT Security field
• Bachelor’s degree in Computer Science, Information Systems, Mathematics, Engineering or a related field, or an additional three years of IT experience
• Four (4) years of hands-on technical experience as a System Architect or Security Engineer
• Four (4) years of experience supporting FedRAMP
• Direct experience performing analysis on FedRAMP CSP architectures and control implementations (ie. 3PAO, FedRAMP program at another agency, etc) as an Engineer or Architect
• Confidence and depth of understanding to lead meetings with potential Vendors
• Current experience in reviewing 3rd party security assessment reports
• Have detailed knowledge and experience with NIST Policies, Governance, Security Planning and Architecture, FISMA Compliance, RMF, Incident Analysis, and General Security Best Practices
• Possess strong written and oral communication skills to support customers, internal stakeholders, peers, and public audiences
• Ability to communicate, both written and oral, to both technical and non-technical stakeholders
• Strong communication skills to interact with senior managers, junior staff, and business unit (non-technical) customers

Nice To Haves

• Security+, CISSP, CISM, CISA, or equivalent Security certification strongly preferred

Responsibilities

• Perform detailed architecture and technical design reviews on the full stack for vendor solutions
• Conduct architecture reviews of Cloud Service Providers (CSPs) authorization packages to validate the secure design, alignment to FedRAMP and agency requirements, identify gaps, and advise the FedRAMP Government Leadon overall risk posture and compliance
• Lead and conduct architecture interviews with CSPs to ensure all critical control areas throughout the architecture are designed to meet program requirements
• Develop architecture briefing documents to inform the Government FedRAMP program manager and CISO of CSP compliance with FedRAMP program requirements, technical capabilities, and any concerns noted from the material review
• Complete comprehensive review and comment documents of CSPs FedRAMP documentation, including but not limited to system security plans, policies and procedures, supplemental agency guidance documents, alternative implementation and risk acceptance documents, etc. Work with CSPs to reconcile and address any documentation and technology gaps discovered during the review
• Complete a comprehensive review of CSPs' assessments and package submissions after 3PAO audits and prepare a package briefing for the Government FedRAMP program manager and agency CISO. Artifacts include, but are not limited to, vendor security assessment plans, security assessment reports, vulnerability scans, penetration tests, etc
• Work alongside the agency FedRAMP Lead and provide security engineering services
• Provide support for Continuous Monitoring activities including but not limited to items such as reviewing annual package submissions, reviewing and scoping significant change proposals, reviewing risk acceptance documents, etc
• Interpret FedRAMP and other agency requirements and provide vendors with guidance regarding expectations, technical requirements, and processes
• Stay informed of updated FedRAMP guidance, industry best practices, emerging technologies, and Government cybersecurity directives, and provide recommendations to FedRAMP Government lead regarding impacts
• Conduct security reviews of technologies for use-based consideration within CSPs authorization boundary
• Oversee and manage relationships for assigned systems that may be contractor-owned or contractor-operated, ensuring vendors comply with agency security and privacy requirements
• Assist stakeholders with IT security-related activities to ensure project deadlines are met
• Ensure all systems are operated, maintained, and disposed of IAW documented security policies and procedures, including but not limited to Assessment & Authorization (A&A)
• Research assigned IT security systems to provide insight into IT security architectures and IT security recommendations for assigned systems

Benefits

• Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees
• Valiant contributes 25% towards Health Coverage for Family and Dependents
• 100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees
• 100% Paid Certifications
• 401K Matching up to 4%
• Paid Time Off
• Paid Federal Holidays
• Paid Time On – 40 hours to pursue innovation
• Wellness & Fitness Program
• Valiant University – Online Education and Training Portal
• Reimbursement for Public Transit and Parking
• FSA programs for: Medical Costs, Dependent Care, Transit, and Parking
• Referral Bonuses