FedRAMP Validator & Sr. ISSO

Remote, USA | Full-time | Posted 2025-03-08

ECS is seeking a FedRAMP Validator & Sr. ISSO to work in our Remote or National Capital Region office. Please note: this position is contingent upon additional funding.
FedRAMP Validator (approximately 20% of the time)
- Serve as a FedRAMP Validator on the DISA Joint Validation Team (JVT) for one or more FedRAMP Provisional Authorization (PA) pursuits. Anticipate 1 to 2 PA pursuits, approximately 20% of the time.
- Collaborate with the DISA JVT Lead, the Cloud Service Provider (CSP) and the Third-Party Assessment Organization (3PAO).
- Validate the 3PAO assessment and provide input for information exchange meetings.
- Review CSP comments and responses with the 3PAO for adjudication.
- Work with the DISA JVT Lead to establish schedules and completion timelines.
- Assess and validate the compliance of implemented controls.
- Ensure that compelling evidence is mapped to each applicable security control.
- Review documentation for completeness and structural thoroughness.
- Review the system architecture to develop an understanding of authorization boundaries and data flows.
- Review trusted connections and remote access activities.
- Provide documentation review comments to the JVT Lead in the Enterprise Mission Assurance Support Service (eMASS) system or via other media.
- Meet weekly, or daily if needed, with the DISA JVT Lead, CSP and 3PAO.
Senior ISSO (approximately 80% of the time)
- Serve as principal ISSO to one or more Boundary/System Owners and the ISSM on all matters (technical or otherwise) involving the security of the assigned systems. Anticipate 80% of the time will be dedicated to ISSO services.
- Provide Risk Management Framework (RMF) support to assigned DMDC/DHRA information systems, ensuring that System/Product Owners maintain an appropriate operational cybersecurity posture.
- Promote the maturity of the DHRA/DMDC Risk Management Framework program.
- Ensure assurance of the given systems' common and inherited controls and of any reciprocity arrangements.
- Ensure systems are operated, used, maintained, and disposed of in accordance with DMDC and DHRA security policies and practices.
- Determine information security requirements by evaluating DHRA/DMDC business strategies and requirements, researching information security standards, conducting system security and vulnerability analyses and risk assessments, assessing industry architectures/platforms and their relative security benefits, and identifying architecture/platform integration issues that prevent the strongest possible security posture.
- Monitor compliance and conduct partial or full control assessments for a given boundary, as requested.
- Understand, review and provide guidance on any artifact, such as but not limited to data flow diagrams, network diagrams, internal/external connections, configuration logs, and security and monitoring logs.
- STIGs: Use the assigned tool, such as eMASSTER, to generate STIG results and assign remediation actions.
- POA&Ms: Develop and track new and existing POA&Ms for a given boundary's identified weaknesses or findings. Review POA&M status at the prescribed frequency, and engage staff members across the enterprise to ensure POA&M milestone dates are met on time and are documented in eMASS.
- Manage ServiceNow ticket queues for the cybersecurity Risk Management Branch and review/validate user access rights.
- Create presentations and/or metrics as requested, including weekly, monthly and in-progress review presentations as needed. Create and/or maintain documents.

Salary Range: $150,000-$190,000

Required Qualifications
- Must be a US citizen per contract, possess an active Secret clearance, and be willing to acquire and maintain a DoD Top Secret clearance if requested.
- Bachelor's degree in computer science, cybersecurity, information security, or a similar discipline AND 5+ years of cybersecurity experience in support of the DoD or other federal clients. Education/experience substitution is allowable.
- Active DoD 8570 baseline certification compliance, including at least one of the following certifications in good standing: CASP+ CE, CISSP, Security+.
- Firm understanding of the DISA FedRAMP Validator process.
- Firm understanding of the NIST Special Publications, DoD Risk Management Framework (RMF) processes and NIST SP 800-53 security controls.
- 5+ years of experience as an ISSO, ISSM, SCA, or RMF auditor.
- Broad technical knowledge is required in order to review DISA Security Technical Implementation Guides (STIGs).
- Ability to communicate effectively with government and contract leadership, conveying highly technical concepts to both technical and non-technical stakeholders.
- Capacity to thrive in a complex, fast-paced environment with competing demands while delivering consistent, high-quality support to mission-critical systems and solutions.
- Excellent analytic skills, including qualitative and quantitative data analysis, to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk.
- Knowledge of DoD cybersecurity policies, practices, and requirements.
- Excellent written and verbal communication skills are required.

