Cloud Security & Authorization Technical Analyst
Listed on 2026-07-03
IT/Tech
Cybersecurity, Information Security
Job Family
Cyber Consulting
Travel Required: Up to 10%
Clearance Required: Ability to Obtain Public Trust
What You Will Do
The Cloud Security & Authorization Technical Analyst provides deep technical expertise in securing, engineering, and independently assessing federal cloud environments. This role blends hands‑on cloud security engineering with Assessment & Authorization (A&A), Independent Verification & Validation (IV&V), and third‑party assessment support to ensure cloud platforms meet federal security, risk, and compliance requirements.
This position serves as a technical authority supporting FedRAMP‑based cloud authorizations, agency‑specific control implementations, and independent assessments while advising government stakeholders on secure cloud architecture and risk posture.
Key Responsibilities
- Provide technical cloud security leadership for Assessment & Authorization (A&A) activities across IaaS, PaaS, and SaaS cloud environments aligned to NIST RMF and FedRAMP.
- Perform detailed technical reviews of cloud architectures, configurations, and security control implementations to validate compliance with NIST SP 800‑53 and agency security requirements.
- Support and execute independent assessment or IV&V activities, including readiness reviews, control validation, and Security Assessment Report (SAR) development.
- Analyze Cloud Service Provider (CSP) FedRAMP packages (P‑ATO) and advise on agency‑specific control inheritance, shared‑responsibility models, and residual risk.
- Develop and review RMF artifacts including SSPs, control implementation matrices, SARs, POA&Ms, risk acceptance documentation, contingency plans, BIAs, PIAs, and ISAs.
- Conduct interviews and technical walkthroughs with system engineers, ISSOs, CSPs, and service providers to validate control implementation effectiveness.
- Support third‑party assessment (3PAO) coordination and provide technical quality assurance of assessment deliverables.
- Advise stakeholders on secure cloud design, compensating controls, and remediation strategies to address identified risks.
- Support IT audit and IV&V activities related to cloud security controls, evidence validation, and findings remediation.
- Contribute to cloud security standards, SOPs, and reusable authorization patterns to improve efficiency and consistency.
- Must be able to OBTAIN and MAINTAIN a Federal or DoD “PUBLIC TRUST”; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates who hold an ACTIVE PUBLIC TRUST or SUITABILITY and maintain an active HHS/NIH clearance are preferred.
- Minimum of TWO (2) years of experience securing and engineering cloud platforms in federal or regulated environments.
- Demonstrated expertise implementing and validating cloud security controls aligned to NIST RMF and FedRAMP.
- Hands‑on experience reviewing or performing independent assessments, IV&V, or third‑party security assessments.
- Deep understanding of shared‑responsibility models, control inheritance, and cloud risk management.
- Experience developing and reviewing RMF documentation and SARs.
- Ability to translate complex cloud engineering concepts into clear risk and compliance narratives.
- Strong collaboration skills across engineering, security, compliance, and government teams.
- Experience with AWS, Azure, or GCP cloud security architectures in FedRAMP‑authorized environments.
- Prior experience supporting or acting as a 3PAO, IV&V team member, or independent assessor.
- CISSP, CCSP, AWS/Azure Security Specialty, or similar certification.
- Experience assessing CI/CD pipelines, IaC, containerized environments, or Zero‑Trust architectures.
- Experience supporting high‑impact or financial systems within federal agencies.
- Familiarity with ServiceNow, eCase, or automated GRC platforms.
Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Benefits
- Medical, Rx, Dental & Vision Insurance
- Personal and Family Sick Time & Company Paid Holidays
- Position may be eligible for a discretionary…