Cloud Security Assessor

Company: Chickasaw Nation Industries
Location: Odenton, MD, USA
Salary: $145000 – $155000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Expert or higher

Requirements

  • Required DOD Top Secret Clearance, or Secret Clearance with TS Eligibility
  • Must have DOD 8570 IAM III Certification – CISSP, CISM
  • Bachelor’s degree and a minimum of ten (10) years’ relevant Cyber Security Assessment and Cyber Security management experience, or equivalent combination of education / experience
  • Five (5) years’ experience with DoD and FedRAMP Cloud Authorization on-going support to include continuous monitoring

Responsibilities

  • Performs analysis and conducts independent validation of assessments and continuous monitoring for authorized Cloud Service Providers’ Cloud Service Offerings
  • Develops processes and procedures to document the execution of the analysis and validations
  • Reviews Cloud Service Provider documentation consisting of the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), and associated POA&M
  • For each certification validation, a Cloud Security Assessment Package is prepared to include validated cybersecurity controls, certifier’s recommendation, certifier’s statement of residual risk, certification assessment briefing slides, and a provisional authorization
  • If the validation is leading to a Joint Authorization Board (JAB) Provisional Authorization (PA), a one-page executive summary is also required
  • Performs DoD and FedRAMP Cloud Authorization on-going support to include continuous monitoring, annual reviews, and significant change requests of Cloud Service Providers through reviews, recommendations, written reports, and briefings
  • Reviews and analyses the following to evaluate changes in a CSP’s ongoing risk posture: Deviation Requests, Monthly One Pagers, Annual Assessments, Playbooks, Significant Change Requests, scan data, POA&Ms, and other changes

Preferred Qualifications

  • Must have relevant consulting experience in information technology with specialized experience in an applicable functional area