Our client, a risk analytics database, is looking for a FEDRamp Engineer to join their team remotely on a 1 year contract that can extend or convert.
This is a W-2 contract up to $70 per hour
Responsibilities:
• Develop and maintain a comprehensive continuous monitoring plan based on NIST SP 800-53 guidelines, FedRAMP requirements, and organization-specific needs.
• Establish processes and procedures to collect, analyze, and report security-related information from various sources, such as security controls, vulnerability assessments, and incident response activities.
• Conducting regular risk assessments to identify potential vulnerabilities and threats to cloud-based systems. Define key performance indicators (KPIs) and metrics to measure the effectiveness of the continuous monitoring program
• Monitoring and analyzing security logs, event data, and system alerts to identify anomalies, security incidents, and non-compliance with established security policies.
• Evaluating vulnerability scans and penetration tests to assess the security posture of cloud-based systems.
• Reviewing and analyze security assessment and authorization (SA&A) artifacts, including system security plans, risk assessments, and security control implementation documentation.
• Providing support during internal and external audits or assessments by compiling and presenting evidence of compliance with FedRAMP and NIST guidelines.
Requirements:
• Possess an In-depth understanding of the NIST Special Publication 800-53 guidelines and FedRAMP requirements
• Possess an understanding of security controls and their implementation within complex IT environments. Demonstrated experience in implementing and managing continuous monitoring programs for cloud-based systems within the Federal Government.
• Possess knowledge of cloud technologies, infrastructure, and security controls (e.g., AWS, Azure). Familiarity with industry-leading security tools, vulnerability scanners, and security information and event management (SIEM) systems.
• Proficiency in evaluating vulnerability assessments, penetration testing, and security and incident response.
• Knowledge of security assessment and authorization (SA&A) processes, system security plans, and risk management frameworks (e.g., RMF).
• Possess the ability to work across programming languages and frameworks (e.g., Python, Power Shell) Have the proficiency in Business Intelligence platforms (e.g., Power BI)
• Working knowledge of XML/JSON/Excel (Pivot Tables, VLOOKUPs, etc.)
• Experience with Data Warehousing and Extract, Load, Transform (ETL) process. Ability to work with databases and write simple to complex queries using SQL
• Have knowledge of software development methodologies (e.g., Agile, Waterfall). As well as familiarity with Cloud services (Azure)
