FedRAMP Senior Cyber Engineer (Multiple Levels)

Responsibilities

Are you a Cyber Security professional or a Cloud Computing Engineer / Architect interested in Cyber Security? Are you looking to make an impact across the entire federal government? Do you want to help reshape the Federal Security assurance model? Do you love researching new technologies and capabilities? Are you self-driven and detail oriented with excellent written and verbal skills? Then this job is for you! Come be a part of a growing team of highly skilled FedRAMP cyber security SMEs and help reimagine the FedRAMP process.

FedRAMP Cyber Security Engineers are technologists with an eye for cyber security and policy. We are visionaries, reshaping how the Federal Government thinks about secure cloud implementation. We review security packages to evaluate compliance with FedRAMP security requirements and ensure package deliverables clearly and accurately represent the security and risk posture of the cloud service offering. FedRAMP Cyber Security Engineers review the system architecture, key performance indicators, security controls, and the results of an independent security assessment to determine suitability for government-wide use. Cyber Security Engineers work with the FedRAMP team to advise on new and emerging technologies with an emphasis on security impact. We are seeking qualified individuals to be FedRAMP SMEs and develop government-wide guidance.

Key Responsibilitiesa :

Perform compliance reviews of cloud service offering (CSO) system security plans (SSPs) and / or Key Security Indicators to ensure the security posture is sufficient for multi-agency USG use

Provide risk-based guidance to cloud service providers (CSPs) to address security concerns

This position requires the successful candidate to :

Work hand-in-glove with a team of SMEs that are performing the same level of review on other portions of the compliance package

Collaboration with industry to advance transparency and efficiency

Operate in a high-visibility environment where your judgement will :

Have significant impact on cybersecurity for the USG

Be scrutinized in detail, first by your colleagues within the program, and then by external stakeholders

Be completely supported by the program when finalized

Organizationally, day-to-day activities require :

Maintaining focus on the highest priority package at hand

Rapidly shifting focus to support stakeholder review meetings to present your findings

Daily reporting of package status to coordinate multiple teams reviewing multiple packages

Contributing to, and following, detailed standard operating procedures to ensure :

Firm, fair, and consistent reviews from one package to the next

Secure handling of sensitive and proprietary vendor data

Coordination of document revision control with your team members

Exceptional candidates will have experience in several of the following areas of compliance focus :

FIPS 140 validated encryption addressing data at rest, data in transit, and MFA authenticators

Human-to-machine authentication based on NIST SP 800-63-3

Familiarity with service offerings from hyperscale IaaS / PaaS vendors such as AWS, Azure, Google, IBM, and Oracle such as :

How a vendor implements TCP / IP constructs within their respective software defined networking (SDN) architectures

Which implementations are deployed for customers by default, versus requiring customer configuration, or entirely a customer responsibility

Aspects of DNS including DNSSEC, typical configurations for DDoS protection, DNS over TLS (DoT), and DNS over HTTPS (DoH)

Domain-based Message Authentication, Reporting & Conformance (DMARC) for email

Research evolving Federal policy and guidance for application to FedRAMP initiatives and cloud service reviews

Develop policy / guidance for new / emerging technologies

Required Qualifications

Understanding of government cryptography requirements

Strong understanding of cloud architecture, various cloud technologies, and security concepts

Strong understanding of networking principles and security best practices Strong analytical and writing skills

Strong technical research skills

Strong communication skills and ability to explain complex technical concepts to non- technical stakeholders

Excellent teamwork, organizational, communication, and collaboration skills

US citizen and eligible for public trust

Jr level

Bachelor's degree in Computer Science, Software Engineering, or a related field plus 3 years of experience OR Master's degree in Computer Science, Software Engineering, or a related field plus 1 years of experience; or Associate's Degree + 6 years of experience, Or High School diploma or equivalent + 9 years of experience.

• Compensation : $77,000 - $120,275

Mid level

Bachelor's degree in Computer Science, Software Engineering, or a related field plus 5 years of experience. OR Master's degree + 3 years of experience; or Associate degree + 8 years of experience, Or High School diploma pr equivalent + 11 years of experience.

Senior level

Bachelor's degree in Computer Science, Software Engineering, or a related field plus 8 years of experience; OR Master's degree + 6 years of experience; or Associate's degree + 11 years of experience; or High School diploma + 14 years of experience.

Desired Qualifications

Application development

Security automation techniques

Security testing and penetration testing experience

Vulnerability management experience

API development and security practices

Experience developing enterprise security policies and procedures

OSCAL experience

CISSP, CISA, CISM or similar certifications

Experience with operating system or network security management Experience managing incident response and after-action remediation

Post graduate degree in computer science, cybersecurity or information systems

Overview

Noblis () and our wholly owned subsidiaries, Noblis ESI , and Noblis MSD tackle the nation's toughest problems and apply advanced solutions to our clients' most critical missions. We bring the best of scientific thought, management, and engineering expertise together in an environment of independence and objectivity to deliver enduring impact on federal missions. Noblis works with a wide range of government clients in the defense, intelligence and federal civil sectors. Learn more at Noblis -About Us ()

Why work at a Noblis company?

Our employees find greater meaning in their work and balance the other things in life that matter to them. Our people are our greatest asset. They are exceptionally skilled, knowledgeable, team-oriented, and mission-driven individuals who want to do work that matters and benefits the public. Noblis has won numerous workplace awards () . Noblis maintains a drug-free workplace.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to race, color, ethnicity, sex, age, national origin, religion, physical or mental disability, pregnancy / childbirth and related medical conditions, veteran or military status, or any other characteristics protected by applicable federal, state, or local law.

If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and / or to receive other benefits and privileges of employment, please contact us () .

EEO is the Law () | E-Verify () | Right to Work ()

Total Rewards

At Noblis we recognize and reward your contributions, provide you with growth opportunities, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, and work-life programs. Our award programs acknowledge employees for exceptional performance and superior demonstration of our service standards. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in our benefit programs. Other offerings may be provided for employees not within this category. We encourage you to learn more about our total benefits by visiting the Benefits () page on our Careers () site.

Compensation at Noblis is determined by various factors, including but not limited to, the combination of education, certifications, knowledge, skills, competencies, and experience, internal and external equity, location, clearance level, as well as contract-specific affordability, organizational requirements and applicable employment laws. The projected compensation range for this position is based on full time status. For part time or on-call staff, compensation is proportionately adjusted based on hours worked. While monetary compensation is important, it's just one component of Noblis' total compensation package.

Posted Salary Range

USD $78,900.00 - USD $123,300.00 / Yr.