[Remote-Position] FedRamp Validator & Sr ISSO
Core Information:Start Date: Immediate openings availableCompany: WorkwarpLocation: RemotePosition: Fedramp Validator & Sr ISSOCompensation: a competitive salary  ECS is seeking a FedRAMP Validator & Sr. ISSO to work in our Remote or National Capital Region office. Please Note: This position is contingent upon [additional funding].
 FedRAMP Validator
 Serve as a FedRAMP Validator as part of the DISA Joint Validation Team, in one or more FedRAMP Provisional Authority (PA) pursuits. Anticipate 1 to 2 FedRAMP PA pursuits, which will be approximately 20% of the time.
 Collaborate with DISA JVT Lead, Cloud Service Provider (CSP) and the Third-Party Assessment Organization(3PAO)
 Validate 3PAO assessment and provide input for information exchange meetings.
 Review CSP comments and responses with 3PAO for adjudication.
 Work with the DISA JVT Lead to establish schedules and completion timelines.
 Assess and validate the compliance of implemented controls.
 Ensure compelling evidence mapped to applicable security controls.
 Review documentation for completeness and structural thoroughness.
 Review system architecture to develop an understanding of authorization boundaries and data flows.
 Review trusted connections and remote access activities.
 Provide documentation review comments to the JVT Lead in the Enterprise Mission Assurance. Support Service (eMASS) system or via other media.
 Meet weekly, or daily if needed, with the DISA JVT Lead, CSP and 3PAO.
 Senior ISSO
 Serve as a principal ISSO to one or more Boundary/System Owner and ISSM on all matters (technical or otherwise) involving the security. Anticipate 80% of the time will be dedicated to ISSO services.
 Provide Risk Management Framework (RMF) support to assigned DMDC/DHRA Information Systems; ensuring that System/Product Owners maintain an appropriate operational cybersecurity posture.
 Promote the DHRA/DMDC Risk Management Framework maturity
 Ensure control(s) assurance for the given systems' Common and Inherited Controls and Reciprocity
 Ensure systems are operated, used, maintained, and disposed of in accordance with DMDC and DHRA security policies and practices
 Determine information security requirements by evaluating DHRA/DMDC business strategies and requirements, researching information security standards; conducting system security and vulnerability analyses and risk assessments, assessing industry architectures/platforms and relative security benefits, and identifying architecture/platform integration issues that prevent the strongest possible security posture.
 Monitor compliance and conduct partial or full Control Assessments for a given boundary, as requested
 Understand, review and provide guidance for any artifact, such as but not limited to Data Flow Diagrams, Network Diagrams, Internal/External connections, configuration logs, security and monitoring logs, etc.,
 STIGS: Utilize the assigned tool, such as eMASSTER to generate STIG results, and assigned actions for remediation
 POA&Ms: Develop and track compliance for new and existing POA&Ms for a given boundary's identified weaknesses, or findings. Review POA&M status at the prescribed frequency, and engage staff members across the enterprise to ensure POA&M date are achieved on time and are documented in eMASS
 Manage ServiceNow ticket queues for cybersecurity Risk Management Branch and review/validate user access rights
 Create presentations and or metrics as requested. Create weekly, monthly and in-progress review presentations, as needed. Create and or maintain document
Salary Range: $150,000-$190,000
General Description of Benefits
 Must be a US citizen per contract, possess a Secret Clearance, and be willing to acquire and maintain a DoD Top Secret clearance if requested.
 Bachelor's degree in computer science, cybersecurity, information security, or similar discipline AND 5+ years of cybersecurity experience, in support of the DoD or other federal clients. Education/Experience substitution allowable.
 Active DoD 8570 certification minimum compliance, including at least one of the following certifications in good standing: CASP+ CE, CISSP, Security+.
 Firm Understanding of the DISA FedRAMP Validator Process.
 Firm understanding of the NIST Special Publications, DoD Risk Management Framework (RMF) processes and NIST 800-53 security controls.
 5+ years of experience as an ISSO, ISSM, SCA, or RMF Auditor.
 Broad technical knowledge is required in order to review DISA Security Technical Implementation Guides (STIGs).
 Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders.
 Capacity to thrive in a complex, fast paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions.
 Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk.
 Knowledge of DoD cybersecurity policies, practices, and requirements.
 Excellent written and verbal skills are required. Apply Job! Submit Your ApplicationSeize this opportunity to make a significant impact. Apply now and take the first step towards a rewarding new role.
Apply Now
 FedRAMP Validator
 Serve as a FedRAMP Validator as part of the DISA Joint Validation Team, in one or more FedRAMP Provisional Authority (PA) pursuits. Anticipate 1 to 2 FedRAMP PA pursuits, which will be approximately 20% of the time.
 Collaborate with DISA JVT Lead, Cloud Service Provider (CSP) and the Third-Party Assessment Organization(3PAO)
 Validate 3PAO assessment and provide input for information exchange meetings.
 Review CSP comments and responses with 3PAO for adjudication.
 Work with the DISA JVT Lead to establish schedules and completion timelines.
 Assess and validate the compliance of implemented controls.
 Ensure compelling evidence mapped to applicable security controls.
 Review documentation for completeness and structural thoroughness.
 Review system architecture to develop an understanding of authorization boundaries and data flows.
 Review trusted connections and remote access activities.
 Provide documentation review comments to the JVT Lead in the Enterprise Mission Assurance. Support Service (eMASS) system or via other media.
 Meet weekly, or daily if needed, with the DISA JVT Lead, CSP and 3PAO.
 Senior ISSO
 Serve as a principal ISSO to one or more Boundary/System Owner and ISSM on all matters (technical or otherwise) involving the security. Anticipate 80% of the time will be dedicated to ISSO services.
 Provide Risk Management Framework (RMF) support to assigned DMDC/DHRA Information Systems; ensuring that System/Product Owners maintain an appropriate operational cybersecurity posture.
 Promote the DHRA/DMDC Risk Management Framework maturity
 Ensure control(s) assurance for the given systems' Common and Inherited Controls and Reciprocity
 Ensure systems are operated, used, maintained, and disposed of in accordance with DMDC and DHRA security policies and practices
 Determine information security requirements by evaluating DHRA/DMDC business strategies and requirements, researching information security standards; conducting system security and vulnerability analyses and risk assessments, assessing industry architectures/platforms and relative security benefits, and identifying architecture/platform integration issues that prevent the strongest possible security posture.
 Monitor compliance and conduct partial or full Control Assessments for a given boundary, as requested
 Understand, review and provide guidance for any artifact, such as but not limited to Data Flow Diagrams, Network Diagrams, Internal/External connections, configuration logs, security and monitoring logs, etc.,
 STIGS: Utilize the assigned tool, such as eMASSTER to generate STIG results, and assigned actions for remediation
 POA&Ms: Develop and track compliance for new and existing POA&Ms for a given boundary's identified weaknesses, or findings. Review POA&M status at the prescribed frequency, and engage staff members across the enterprise to ensure POA&M date are achieved on time and are documented in eMASS
 Manage ServiceNow ticket queues for cybersecurity Risk Management Branch and review/validate user access rights
 Create presentations and or metrics as requested. Create weekly, monthly and in-progress review presentations, as needed. Create and or maintain document
Salary Range: $150,000-$190,000
General Description of Benefits
 Must be a US citizen per contract, possess a Secret Clearance, and be willing to acquire and maintain a DoD Top Secret clearance if requested.
 Bachelor's degree in computer science, cybersecurity, information security, or similar discipline AND 5+ years of cybersecurity experience, in support of the DoD or other federal clients. Education/Experience substitution allowable.
 Active DoD 8570 certification minimum compliance, including at least one of the following certifications in good standing: CASP+ CE, CISSP, Security+.
 Firm Understanding of the DISA FedRAMP Validator Process.
 Firm understanding of the NIST Special Publications, DoD Risk Management Framework (RMF) processes and NIST 800-53 security controls.
 5+ years of experience as an ISSO, ISSM, SCA, or RMF Auditor.
 Broad technical knowledge is required in order to review DISA Security Technical Implementation Guides (STIGs).
 Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders.
 Capacity to thrive in a complex, fast paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions.
 Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk.
 Knowledge of DoD cybersecurity policies, practices, and requirements.
 Excellent written and verbal skills are required. Apply Job! Submit Your ApplicationSeize this opportunity to make a significant impact. Apply now and take the first step towards a rewarding new role.
Apply Now