Cloud Computing Specialist; CCS SME

Overview

Serves as an Information Assurance and Cloud computing SME with regards to Certification and Accreditation (C&A) and a broad coverage of the application of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) standards and guidance as outlined in the NIST Special Publication(s) (SP) 800-53 and 800-37 (Current versions).

• Google Cloud Platform (GCP) Service Management
• The CCS shall maintain current certification as a Certified Cloud Security Professional. Possesses the ability to work independently with substantial cloud computing security knowledge.
• The assessor must have the essential skillsets to identify, manage and resolve cloud computing security risk and implement “best practices” as applied within a cloud environment (across all of the different deployment and service models, and derivatives).

• Investigates computer and information security incidents to determine extent of compromise to national security information and automated information systems.
• Defines security objectives and system-level performance requirements.
• Researches and stays abreast of tools, techniques, countermeasures, and trends in computer network vulnerabilities.
• Configures and validates secure systems, tests security products/systems to detect computer and information security weaknesses.
• Maintains the computer and information security incident, damage and threat assessment programs.
• Responsible for the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.
• Involved in the periodic conduct of a review of each system’s audits and monitors corrective actions until all actions are closed.
• Designs, develops, or recommends integrated system solutions ensuring proprietary/confidential data and systems are protected.
• Involved in the establishment of strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems.
• Reviews processes and security protocols and makes recommendations for increased cyber security protection.

• Bachelor’s Degree in Computer Science or a related field.
• The CCS must be well versed in FedRAMP assessment methodology of security and privacy controls deployed in cloud information systems to include six (6) domain areas. The six domains include:
• Architectural Concepts & Design Requirements
• Cloud Data Security
• Cloud Platform & Infrastructure Security
• Cloud Application Security
• Operations
• Legal & Compliance
  
  Minimum Qualifications:
• Five (5) years of relevant C&A experience;
  Risk Management Framework (RMF) and NIST C&A experience
• DOD IA experience
• Experience in assessing IA Controls and conducting C&A reviews for large, complex Information systems

• Active Secret level clearance
• Sensitivity Level: IT-I Critical Sensitive

• Computing Environment: IAT II or IAT III (Security+ or similar)
• 01-M Baseline Certification:
  One of the following Azure or AWS cloud-based certification per DLA Approved CE list
• AWS Certified Security – Specialty
• AWS Certified Solutions Architect – Associate AWS Certified Solutions Architect – Professional Microsoft Certified:
  Azure Administrator Associate
• Microsoft Certified:
  Azure Solutions Architect Expert Microsoft Certified Azure Security Engineer Associate

• Must be able to communicate effectively and clearly present technical approaches and findings.
• Exercises a limited degree of latitude in determining technical objectives of assignments.
• Excellent attention to detail.
• Must be able to balance multiple tasks simultaneously.
• Advanced knowledge of encryption, vulnerability assessment, penetration testing, cyber forensics, intrusion detection, and incident response and remediation.

Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific…