TASS Cloud Assessment Lead Cybersecurity Engineer – Sr; Cloud Security Ass

About Us

AGE Solutions is a premier technology and professional services company, providing in-depth consulting, advanced technology solutions, and essential services throughout the U.S. government, defense, and intelligence sectors. Prioritizing innovation and client-focused solutions, we assist major agencies in addressing intricate issues and ensuring a more secure future.

AGE Solutions is looking for a Senior Cloud Security Assessor Team Lead in support of a cybersecurity risk management and assessment program with our DoD customer. In this position, you will lead a team of thirteen personnel to ensure DoD and FedRAMP Cloud Authorization ongoing support to include Con Mon, annual reviews and extensions, and significant change requests (SCRs) of CSPs through reviews, recommendations, written reports, and briefings.

Individuals in this role must be available to work on-site de, MD for the majority of the workweek.

• Lead the Assessment Team ensuring administrative tasks are completed. Meet with the Director as required and ensure government requirements are satisfied. Attend all required meetings as a representative AGE.
• Ensure all deliverables are of the proper quality, submitted on time and within schedule.
• Manage team resources, coordinate schedules and ensure staff is compliant with government requirements.
• Provide guidance to all tasks to ensure appropriate coordination with cloud cybersecurity and architecture organizations is accomplished to support mission areas.
• Provide the mission area support in collaborating with IT and cybersecurity teams to ensure cloud security architectures are aligned with overall business objectives and compliance requirements.
• Collaborate with the cybersecurity team to ensure cloud security architectures are aligned with overall business objectives and compliance requirements outlined in the Cloud Computing SRG.
• Provide expert guidance on cloud security matters related to CSOs for technical and non-technical stakeholders.
• Evaluate and develop Monthly One Pagers that summarize the cybersecurity posture of Cloud Service Offerings (CSOs)
• Perform Annual Assessments to validate the implementation of mandatory security controls across the CSO baseline and assess one-third of the remaining controls annually
• Prepare and review weekly Playbooks to report on the Continuous Monitoring (Con Mon) status of designated CSOs
• Review and assess Security Change Requests (SCRs) that propose new requirements or capabilities for CSOs
• Analyze scan data, Plans of Action and Milestones (POA&Ms), and other change artifacts to assess ongoing risk posture changes of Cloud Service Providers (CSPs)
• Ensure the DoD and FedRAMP monitoring programs enable effective oversight of CSPs by providing risk-based data to inform Authorizing Officials (AOs)
• Perform ongoing assessments and validations to confirm that security controls are implemented and compliant with DoD and FedRAMP standards
• Ensure effective operation of system safeguards and controls through a proactive, risk-based monitoring approach
• Maintain continuous visibility into CSP applications and devices to support data-driven decision-making and adherence to authorized risk thresholds
• Support risk-based situational awareness for network security by conducting architectural reviews that expedite mitigation efforts
• Integrate security and risk management processes to identify actionable items driven by threat and vulnerability assessments
• Validate that CSPs regularly perform vulnerability scans as mandated by DoD and FedRAMP security control requirements
• Recommend and oversee the submission and review of POA&Ms, vulnerability scans, Playbooks, Change Requests, Deviation Reports, and Monthly One Pagers
• Contribute to a leverage model that reduces government costs, time, and resources associated with Con Mon for cloud systems
• Conduct Annual Assessments in accordance with FedRAMP and DoD requirements
• Provide comprehensive Con Mon compliance assessments and risk analyses for each assigned CSO including input for annual reviews, extension and change requests, Binding Operational Directives (BODs), and Emergency Directives (EDs)…