Our FedRAMP Cloud Security Analyst will be working on a highly functional FedRAMP development team and will work across our customers' environments to design and document security controls for our customers in Google, AWS and Azure environments. Responsible for working with our customers to assist them to achieve and maintain a FedRAMP Authority to Operate (ATO).
The ideal FedRAMP Cloud Security Analyst candidate will have at least 3 years experience developing FISMA/FedRAMP System Security Plans for low, moderate and high impact IaaS, PaaS and SaaS solutions.
Principle Duties and Responsibilities
The FedRAMP Cloud Security Analyst will be required to stay current on US policy related to IA, acquisition and computer network defense will be required to:
- Create and publish technical documentation associated with FedRAMP assessment packages
- Have a solid understanding of Amazon Web Services (AWS), Azure and Google Cloud Security experience
- Have an understanding of DevSecOps environments
- Have a strong knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security
- Have excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy
- Have a strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism
- Previous FedRAMP and compliance experience preferred
- 3+ years in commercial or public sector experience
- 3+ years in integration of tools and software for use in operating FedRAMP cloud environments experience
- 3+ years developing SOPs for access control, encryption, incident response, configuration management and security testing experience
- 3+ years of risk assessment/management experience
- 3+ years Authentication and Accreditation (ST&E, auditing, policy and procedure development) experience
- BS/BA degree preferred.
- Nice to have at least one of following certifications: CISSP, CISM, CEH, CISA, Security+, GSEC, CIPP, AWS certifications
InfusionPoints is a consulting, cyber security and technology firm that infuses security into business solutions to protect our clients' consumer, employee, and partner information. As an independent trusted partner, we help our clients by leveraging our information technology (IT) frameworks to efficiently develop, deploy, manage, and optimize secure business solutions for State and Federal Government, banking, insurance, finance, retail, and healthcare industries.
InfusionPoints' consultants combine a unique blend of security, technology and business skills to help our clients define IT, security and privacy strategies and manage major IT, security and privacy initiatives, while achieving high returns on their IT investments. Our experienced consultants apply holistic, integrated methodologies for infusing security and privacy capabilities into business solutions, by combining our frameworks with critical thinking and deep analytics to solve your most pressing security and privacy challenges.
InfusionPoints relies on the expertise and professionalism of our employees as the key to our success. Our consultants have broad experience in commercial and government organizations and have a variety of industry certifications, and advanced degrees.
InfusionPoints offers a competitive compensation and benefits package and is an equal opportunity employer and a drug-free work place.
Location: NC, DC Metro, Remote