Posted today
Public Trust
Mid Level Career (5+ yrs experience)
Unspecified
No Traveling
IT - Security
SkyePoint Decisions is seeking an AWS Assessor to join our team for a government contract. This Assessor is responsible for leading the Risk Management Engineering (RME) team in planning and preparation for security assessment and authorization (A&A) as part of the Department's Information Assurance policy. The AWS Assessor is responsible for conducting a comprehensive assessment of implemented controls and control enhancements to determine the effectiveness of the controls, i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for the system and the organization.
Responsibilities:
Implement security strategies tailored to our cloud-based environments (including but not limited to Amazon AWS, Google Cloud Platform, and Microsoft Azure).
Conduct cloud security assessments to identify vulnerabilities and risks in the cloud infrastructure.
Understanding of FedRAMP and FedRAMP assessment requirements.
Analyze the organization's cloud security requirements and recommend improvements.
Analyze vulnerabilities and risks from Cloud Security Posture Management (CSPM) tools to identify ineffective or missing security controls.
Conduct comprehensive cloud assessment of implemented controls and control enhancements to determine the effectiveness of the controls, i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for the system and the organization.
Prepare security compliance reports containing the results and findings from the cloud assessment.
Complete and execute a cloud Security Controls Test (SCT) plan.
Provide the final cloud analysis report, including a summary of the findings as well as the detailed findings.
Review and analyze cloud system artifacts for accuracy and completeness in support of authorization to operate (ATO) requests.
Required Qualifications:
Must be able to obtain a DoED Level 6 High Risk/Public Trust Security Clearance
Bachelor’s degree or equivalent and at least five (5) years related experience.
At least five (5) years of experience as a Security Controls Assessor or similar audit findings response role with a focus on cloud-based security.
Experience with Cloud security architecture, network security, identity, and access management.
Solid knowledge of risk assessment tools, technologies, and methods.
Proven experience with Cloud Security Posture Management (CSPM) tools, security as code methodologies, and container security.
Excellent communication and interpersonal skills.
Experience with security audits and compliance.
AWS Certified Cloud Practitioner certification or higher.
Good familiarity with and understanding of all relevant government and agency policies and procedures to ensure system documentation is compliant with relevant guidelines, e.g., FedRAMP, RMF, FISMA, FIPS-II, NIST, etc.
Certified in Risk and Information Systems Control (CRISC), Certified Authorization Professional (CAP), or equivalent certification required.
Preferred Qualifications:
Top Secret clearance preferred.
CISSP, CEH, GPEN or equivalent certification preferred.
Experience with AWS Security Hub preferred.