Cloud Computing Specialist (CCS), Information Assurance

We are looking for a Cloud Computing Specialist (CCS) to join our team in support of a DoD customer in Alexandria, VA. The CCS will serve as an Information Assurance and Cloud Computing SME with regards to Certification and Accreditation (C&A) and a broad coverage of the application of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) standards and guidance as outlined in the NIST Special Publication(s) (SP) 800-53 and 800-37 (current versions).

• →Provide full lifecycle Information Assurance (IA) support for systems maintaining current Authority to Operate (ATO) under RMF via eMASS.
• →Update, maintain, and validate RMF artifacts, IA documentation, scorecards, and accreditation packages.
• →Develop, manage, and execute POA&M, MOUs/MOAs, risk acceptance documentation, and other compliance artifacts.
• →Ensure continuous compliance with DoD/DLA RMF requirements supporting ATO and Authority to Connect (ATC).
• →Support RMF Assessment & Authorization (A&A) processes and validate eMASS inputs.
• →Conduct annual risk assessments and IA control validations.
• →Review engineering projects and change requests to ensure implementation of required IA controls and policies.
• →Support connection approval processes and manage required documentation.
• →Identify security risks and enhancements; develop and track mitigation strategies.
• →Evaluate and recommend security components and configurations (e.g., firewalls, IDS/IPS).
• →Provide IA input to Technical Review Boards (TRB) and Change Control Boards (CCB).
• →Support DLA CERT, network engineering, and NTS teams on IA compliance and security event response.
• →Maintain situational awareness of USCYBERCOM alerts/advisories and assess operational impact.
• →Analyze proposed IT acquisitions for IA, interoperability, architecture, and standards compliance; identify required security configuration guidance.
• →Support DISN sub-network accreditation to achieve/maintain full ATO and ATC.
• →Plan and execute IA requirements for technology migrations affecting accredited systems.
• →Implement and maintain information protection guidance for controlled unclassified and classified information in accordance with DoD/DLA policy.

• Minimum Requirement:
  • Five (5) years of relevant C&A experience; Risk Management Framework (RMF) and NIST C&A experience
  • DOD IA experience.
• Certification Requirements:
  • Cloud Computing Security Certification
  • Certification meeting DOD 8570.01 IAM III (CISSP, CISM, etc.)
• Skills and Experience:
  • Experience in assessing IA Controls and conducting C&A reviews for large, complex Information systems.
  • Ability to work independently with substantial cloud computing security knowledge.
  • Must have the essential skillsets to identify, manage and resolve cloud computing security risk and implement “best practices” as applied within a cloud environment (across all of the different deployment and service models, and derivatives).
  • Must be well versed in FedRAMP assessment methodology of security and privacy controls deployed in cloud information systems to include six (6) domain areas. The six domains include: Architectural Concepts & Design Requirements, Cloud Data Security, Cloud Platform & Infrastructure Security, Cloud Application Security, Operations, Legal & Compliance.
• Clearance Requirement:
  • This position requires a SECRET with a Tier 3 investigation.

Compensation: $100,000+