Cloud Security Control Assessor

Employer
AboutWeb
Location
Annapolis Junction, MD
Posted
Aug 24, 2017
Closes
Sep 30, 2017
Function
IT, Security Engineer
Industry
Security
Hours
Full Time
Cloud Security Control Assessor (SCA) who has an active DoD secret clearance and is IAM Level 3 (CISSP) certified to perform the following:
  • Develop processes and procedures to document the execution of the analysis and assessments of Cloud Service Providers (CSP) packages
  • Analyze and conduct assessments of packages
  • Support the development of the DoD Cloud Security Guidelines, associated checklists, templates, and documents
    • This may include development of requirements, instructions, how-to guides and other guidance for internal assessors on how CSP assessments will be conducted, DoD Components, cloud service providers, and third-party assessors regarding the assessment, deployment and use of secure cloud computing in the DoD
  • Conduct Cloud Services Security Assessments and information assurance reviews, as directed, in support of the FedRAMP and DoD Provisional Authorization processes while following the process guidance and procedures as outlined and provided
    • Typically this requires review of Cloud Services documentation packages consisting of key documents such as the System Security Plan, Security Assessment Plan, Security Assessment Report and associated Plans of Action and Milestones
    • For each certification assessment, prepare a certifier's recommendation, statement of residual risk, scorecard, and certification assessment briefing slides
  • Required:
  • In-depth working knowledge of EMASS and RMF
  • Desired:
  • Working knowledge of NIST SP800-60 vol I and II
  • Familiarity with DISA and/or DoD processes and regulations in general
  • Certifications:
  • Current IAM Level 3 CISSP certification
  • Clearance:
  • Active DoD secret clearance
  • Work Location: Annapolis Junction, Maryland