SAIC
·
July 15, 2025
This job has closed.

FedRAMP / Cyber Compliance Analyst

Washington, DC
Full-time
Remote
$40K/yr - $80K/yr
Entry, Mid Level
SAIC provides scientific, engineering, and systems integration and technical services and solutions in the United States. They are seeking a remote FedRAMP / Cyber Compliance Analyst to support the Department of Health and Human Services (HHS) cybersecurity mission, ensuring the protection of vital health information and responding to cybersecurity threats.

Responsibilities

  • Lead Cloud Service Providers (CSP) through the FedRAMP ATO process.
  • Assist the HHS FedRAMP team in identifying vulnerabilities and risks to CSP accreditation.
  • Review CSP FedRAMP packages (System Security Plan, Authorization Boundary, Data Flow and other diagrams) ahead of full assessments.
  • Assure CSP FedRAMP Boundary components in customer deployments are accurately described and implemented based on the appropriate FedRAMP security controls.
  • Coordinate with internal stakeholder engineering teams to demonstrate the implementation of security compliance controls for technical, management, and operational requirements.
  • Provide oversight on the independent initial and annual security audit of the security controls to ensure compliance with cloud requirements and governance models.
  • Support the development of technical material, operational processes, security policies, and other core documents for the HHS FedRAMP team.
  • Meet task deliverable metrics.
  • Manage the Continuous Monitoring of the CSPs through Plans of Action and Milestones (POA&Ms) and monthly ConMon meetings.
  • Review IT security measures and safeguard the information resources of the enterprise to maintain the integrity, confidentiality, and availability of data and applications.
  • Leverage internal security operations procedures for efficient operation and protection of cloud applications while maintaining security integrity.
  • Assist the Team Lead and FedRAMP SME with overall operations for executing projects involving scoping, initiating, high-level design and architecture, resource mobilization and execution within cost and time parameters.

Qualifications

Required

  • Experience and familiarity with cloud data security (FISMA/FedRAMP compliance).
  • Bachelor’s Degree in a relevant field or 4 years of additional experience in lieu of a degree and 2+ years of experience.
  • Direct FedRAMP experience.
  • Strong understanding of Cloud computing models, architecture, design, and security evaluation.
  • Extensive experience with vulnerability management and Plans of Action and Milestones (POA&Ms), with Privacy Impact Assessments, and security categorizations.
  • Writing technical documentation and knowledge of Cloud and Security concepts.
  • Technical experience related to FIPS 199, NIST SP 800-37, NIST SP 800-53 REV 4, FISMA/NIST A&A.
  • Understanding of the role of Third-party Assessment Organizations (3PAO).
  • Experience with and knowledge of National Institute of Standards and Technology (NIST) standards and the Cloud Computing Security Requirements Guide (SRG); strong governance, risk and compliance experience.
  • Experience with public cloud solutions (AWS, Google, and Azure).
  • Proven ability to work with clients, business partners and suppliers.
  • Must be a U.S. Citizen with the ability to obtain and maintain a Public Trust clearance.

Preferred

  • 2+ years direct FedRAMP experience preferred.
  • IAT Level I Certification(s) or above desired.

Glassdoor
4.1
Founded in 1969
Reston, Virginia, USA
10001+ employees
http://www.saic.com