FEDRAMP Security Assessor with Security Clearance Law Enforcement & Security - Bethesda, MD at Geebo

FEDRAMP Security Assessor with Security Clearance

Job Description

FEDRAMP Security Assessor
Fully Remote / Prefer DC Metro Area

Marathon TS has an immediate need for a Sr. Consultant specializing in the FedRAMP risk management framework to join our team in support of our Commercial Cybersecurity Practice, remote location available. Candidates must be US Citizens and eligible for a clearance to be considered for this position. Sr. Consultants are leaders in the FedRAMP/NIST Assessment space who bring deep knowledge of client engagement and development, and practice management. Using your strong experience with FedRAMP and NIST risk management framework, you will support and lead teams to perform assessments for cloud computing technologies in meeting federal compliance. As a Sr. Consultant, you will be responsible for supporting and leading client engagements, assigning work, reviewing team contributions, and assuring quality reports are provided.

Responsibilities include:
o Lead system security assessments within cloud-based environments in accordance with FedRAMP, FISMA, NIST SP 800-53, 800-37, OMB, and other authoritative IT security guidance
o Provide direction for scheduling, project sequencing, and resource management; assist with managing client expectations and performing project management
o Prepare, review, and/or update, and maintain IT Security supporting artifacts; provide IT security guidance to Information System Owners
o Identify information security problems and challenges, and research and develop technical solutions to rectify them
o Execute, examine, interview, and test procedures in accordance with FedRAMP requirements and NIST SP 800-53A
o Ensure cyber security policies are adhered to and that required controls are implemented
o Validate information system security documentation to ensure FedRAMP and NIST control requirements are met
o Author recommendations based on findings to improve security postures compliant with FedRAMP and NIST controls
o Assist in the review and analysis of Security Authorization Packages for completeness and compliance with FedRAMP and NIST requirements.
o Participate in client interviews to complete Security Assessments.
o Ensure existing systems' Security Authorization Packages remain up to date throughout the life cycle.
o Build a customer-focused relationship with client(s).
o Collaborate across multiple internal teams to ensure successful delivery of results based on scope of work.
o Establish standards and procedures to minimize risks.
o Drive working sessions with client to ensure expectations and direction are aligned and timelines are being met.
o Demonstrate ability to lead projects through the project lifecycle from initiation to project closure

Minimum Requirements:
o Bachelor's degree (4-yr college or university) or equivalent combination of education and experience
o 5-8 years of experience in either auditing or consulting
o Strong FedRAMP and NIST experience (in order of preference): FedRAMP, NIST SP 800-53, RMF, FISMA, NIST SP 800-171/CMMC
o Strong written and verbal communication skills including the ability to explain technical matters to non-technical audiences.
o Broad based IT background with a technical understanding of networks, protocols, security configurations, cryptography, identity and access management, and the systems development life cycle.
o Excellent communication skills, both written and verbal with strong presentation skills.
o Ability to interact with clients and represent the company in a professional manner.
o Ability to successfully manage multiple tasks.
o Serve as a mentor to Associate Security Consultants and Security Consultants on best practices.
o Team player able to work well with others in a collaborative manner and is a self-starter who can work with minimum supervision.
o Work to continually build and improve solid and well-rounded practices and processes

Certification Requirements:
o Must have: Certified Information Systems Security Professional (CISSP)
o Must also have one (1) of the following:
o CompTIA Advanced Security Practitioner (CASP) Continuing Education (CE)
o GIAC Certified Enterprise Defender (GCED)
o GIAC Certified Incident Handler (GCIH)
o GIAC Security Leadership (GSLC)
o Certified Information Systems Auditor (CISA)
o Certified Information Security Manager (CISM)
o Certified Cloud Security Professional (CCSP)
o CISSP-Information Systems Security Architecture Professional (CISSP-ISSAP)
o CISSP-Information Systems Security Engineering Professional (CISSP-ISSEP)
o CISSP-Information Systems Security Management Professional (CISSP-ISSMP)
o CyberSec First Responder (CFR)
o Certified Chief Information Security Officer (CCISO)
o Nice to have:
o Certified FedRAMP Inspector: Baltimore Cyber Range (BCR) Certified
o Must be certifiable within three (3) months with training if BCR is not currently obtained

Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as protected status).
Recommended Skills: Assessments, Auditing, Certified First Responder, Certified Information Security Manager, Certified Information Systems Security Professional, Cisco Certified Security Professional

Estimated Salary: $20 to $28 per hour based on qualifications.
