Job ID: 2402025
Location: HERNDON, VA, United States
Date Posted: Apr 1, 2024
Category: Cyber
Subcategory: Cybersecurity Spec
Schedule: Full-time
Shift: Day Job
Travel: No
Minimum Clearance Required: TS/SCI with Poly
Clearance Level Must Be Able to Obtain: None
Potential for Remote Work: No Remote
Description:
INTRODUCTION: The Sponsor manages security assessment, security compliance, change management, and continuous monitoring responsibilities across cloud service providers. The Sponsor requires support in understanding and implementing standards like ICD 503, NIST Risk Management Framework, and cloud technologies. The work requires a healthy mix of technical and policy knowledge. The work will be driven by the Sponsor’s needs and priorities.
WORK REQUIREMENTS: The Sponsor will direct priorities and delegate tasks.
• The Contractor Team shall manage security assessment, security compliance, change management, and continuous monitoring activities across five cloud service providers through the Sponsor’s office.
• Assess cloud security technologies for security gaps and weaknesses according to industry standards.
• Analyze security scan findings and perform risk analysis on security scan findings.
• Review cloud security body of evidence packages for completeness and accuracy.
• Collaborate with other internal components and security peers to determine security and potential weaknesses of cloud infrastructure and cloud services.
• Advise Sponsor leadership on cloud security services.
• Analyze system alerts to determine if a security weakness exists and document risk mitigation procedures.
• Sustain and evolve the Sponsor’s standard operating procedures to meet Program Objectives.
• Facilitate technical exchange meetings (TEMs) with cloud service providers to review cloud service architectures.
Qualifications
Required Skills:
1. Demonstrated experience facilitating Technical Exchange Meetings (TEMs) with cloud service providers to review cloud service architectures.
2. Demonstrated experience maintaining assessment and authorization packages across multiple services or systems in accordance with FIPS-199, NIST 800-53, and CNSS 1253 requirements.
3. Demonstrated experience designing, implementing, assessing, or reviewing systems that utilize cloud technology with either Amazon Web Services, Oracle Cloud, Google Cloud, IBM Cloud, or Microsoft Azure cloud architecture.
4. Demonstrated experience utilizing or reviewing cross domain technology and common architecture designs.
5. Demonstrated experience consulting project teams on system architecture and security posture.
6. Demonstrated experience with continuous monitoring requirements to include scan analysis for critical or high findings with common scan tools such as Rapid7, Nessus or Qualys.
7. Demonstrated experience creating, monitoring, or closing system or service Plan of Action and Milestones (POA&M) items.
8. Demonstrated experience utilizing compliance tools to track assessment and authorization activities such as Xacta 360, ServiceNow, or RSA Archer.
9. Demonstrated experience with the common control provider concept within the NIST Risk Management Framework.
10. Demonstrated experience with security control assessments (SCAs) to include working with SCAs and preparing security packages for SCAs.
Desired Skills:
1. Demonstrated experience using the Sponsor’s or similar element assessment and authorizing process.
2. Demonstrated experience creating or reviewing A&A body of evidence documentation in a cloud security environment.
3. Demonstrated experience identifying, implementing, or reviewing appropriate information security controls.
4. Demonstrated experience working in Xacta 360.
SAIC accepts applications on an ongoing basis and there is no deadline.
Overview
SAIC® is a premier Fortune 500® technology integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives.
We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.4 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.