Poly) Bid role starting in 8-10 weeks

Leading Path Consulting•Herndon, VA

About The Position

The Sponsor's office is working to accelerate mission delivery and connect mission partners with the power of commercially-driven cloud computing. The Sponsor brings multi-cloud solutions to mission environments, supporting cloud services providers (CSPs), and offering cloud services across multiple networks. The Sponsor manages security assessment, security compliance, change management, and continuous monitoring responsibilities across four (4) cloud service providers: Amazon Web Services, Google Cloud, Oracle Cloud, and Microsoft Azure. The Team, in conjunction with the Sponsor's office, shall manage security assessment, security compliance, change management, and continuous monitoring activities, including associated program management functions, across four (4) cloud service providers: Amazon Web Services, Google Cloud, Oracle Cloud, and Microsoft Azure. The Team shall assess cloud security technologies for security gaps and weaknesses according to industry standards. The Team shall analyze security scan findings and perform risk analysis on the findings. The Team shall review cloud security body of evidence packages for completeness and accuracy. The Team will collaborate with other internal components and security peers to determine security and potential weaknesses of cloud infrastructure and cloud services. The Team will advise Sponsor leadership on cloud security services. The Team will analyze system alerts to determine if a security weakness exists and document risk mitigation procedures. The Team will sustain and evolve the Sponsor's standard operating procedures to meet Program Objectives. The Team will facilitate technical exchange meetings (TEMs) with cloud service providers to review cloud service architectures. The Team will provide program management support including project planning, task tracking, milestone management, and resource coordination to ensure timely delivery of all contract requirements. The Team will develop and maintain program metrics and performance indicators including security assessment completion rates, finding remediation timelines, compliance status dashboards, and other key performance indicators as directed by the Sponsor. The Team will respond to Sponsor inquiries and requests for information within established timelines, providing accurate and complete technical and programmatic information. The Team will prepare periodic program highlights, status reports, and briefing materials for Sponsor leadership summarizing program activities, accomplishments, issues, and upcoming milestones. The Team will support ad hoc taskings from the Sponsor including research, analysis, documentation, and coordination activities as required to meet emerging program needs. The Team will maintain regular communications with the Sponsor through scheduled status meetings, written reports, and other communication channels as established by the Sponsor.

Requirements

Demonstrated experience facilitating TEMs with cloud service providers to review cloud service architectures
Demonstrated experience maintaining assessment and authorization (A&A) packages across multiple services or systems in accordance with FIPS-199, NIST 800-53, and CNSS 1253 requirements.
Demonstrated experience designing, implementing, assessing or reviewing systems that utilize cloud technology with either Amazon Web Services, Oracle Cloud, Google Cloud, or Microsoft Azure cloud architecture.
Demonstrated experience utilizing or reviewing cross domain technology and common architecture designs.
Demonstrated experience with continuous monitoring requirements to include scan analysis for critical or high findings with common scan tools such as Rapid 7, Nessus, and Qualys.
Demonstrated experience creating, monitoring, or closing system or service plan of Action and Milestone items (POA&Ms).
Demonstrated experience utilizing compliance tools to track assessment and authorization activities such as Xacta 360, Risk Vision, RSA Archer.
Demonstrated experience with the common control provider concept within the NIST Risk Management Framework.
Demonstrated experience with security control assessments to include working with SCAs and preparing security packages for SCAs.
Demonstrated experience conducting information system security engineering activities.
Demonstrated project management experience including project planning, task tracking, milestone management, and resource coordination
Demonstrated experience developing and maintaining program metrics, performance indicators, and compliance status dashboards
Demonstrated experience preparing technical reports, program highlights, status briefings, and leadership communications

Nice To Haves

Demonstrated experience assessing cloud security technologies for security gaps and weaknesses according to industry standards.
Demonstrated experience reviewing cloud security body of evidence packages for completeness and accuracy.
Demonstrated experience facilitating technical exchange meetings (TEMs) with cloud service providers to review cloud service architectures.
Demonstrated experience providing project management support including project planning, task tracking, milestone management, and resource coordination to ensure timely delivery of all contract requirements.
Demonstrated experience using the Sponsors or IC element A&A process.
Demonstrated experience creating or reviewing A&A body of evidence documentation in a cloud security environment.
Demonstrated experience identifying, implementing, or reviewing appropriate information security controls.
Demonstrated experience working in Xacta 360
Demonstrated experience with Sponsor's tools.

Responsibilities

Assess cloud security technologies for security gaps and weaknesses according to industry standards.
Analyze security scan findings and perform risk analysis on the findings.
Review cloud security body of evidence packages for completeness and accuracy.
Collaborate with other internal components and security peers to determine security and potential weaknesses of cloud infrastructure and cloud services.
Advise Sponsor leadership on cloud security services.
Analyze system alerts to determine if a security weakness exists and document risk mitigation procedures.
Sustain and evolve the Sponsor's standard operating procedures to meet Program Objectives.
Facilitate technical exchange meetings (TEMs) with cloud service providers to review cloud service architectures.
Provide program management support including project planning, task tracking, milestone management, and resource coordination to ensure timely delivery of all contract requirements.
Develop and maintain program metrics and performance indicators including security assessment completion rates, finding remediation timelines, compliance status dashboards, and other key performance indicators as directed by the Sponsor.
Respond to Sponsor inquiries and requests for information within established timelines, providing accurate and complete technical and programmatic information.
Prepare periodic program highlights, status reports, and briefing materials for Sponsor leadership summarizing program activities, accomplishments, issues, and upcoming milestones.
Support ad hoc taskings from the Sponsor including research, analysis, documentation, and coordination activities as required to meet emerging program needs.
Maintain regular communications with the Sponsor through scheduled status meetings, written reports, and other communication channels as established by the Sponsor.