Cloud Security Assessor - Expert

Job Family:

Travel Required:

Clearance Required:

What You Will Do:
The SCA advises key stakeholders such as the Program Office Data Owner and Authorizing Official/Delegated Authorizing Official concerning the security categorization and impact levels for confidentiality integrity and availability of the information on a system. The SCA conducts a comprehensive assessment of the security controls employed within or inherited by an Information System (IS) to determine their overall effectiveness and submit the Body of Evidence (BoE) composed of the System Security Plan (SSP) Security Assessment Report (SAR) Plan of Action and Milestones (POA&M) and draft Authorization to Operate (ATO) Letter to the Authorizing Official (AO) or Delegated Authorizing Official (DAO) for review and authorization decision.

This role is responsible for supporting RMF assessment efforts. As an expert Security Controls Assessor with expertise in cloud infrastructure possesses specialized skills in evaluating the security controls of systems hosted in cloud environments. Their technical functions encompass a range of tasks aimed minimizing risk while also ensuring the integrity confidentiality and availability of data within the domain. Here are the technical functions typically associated with this role:

• Support the Assessment and Authorization (A&A) Risk Management Framework (RMF) for clientmanaged systems networks and enclaves across security domains.

• Validate and review security documentation ensuring accuracy and compliance with regulatory standards.

• Advise ISSOs on security categorization and control selection (RMF Steps 1 and 2) and conduct Technical Exchange Meetings (TEMs) with security professionals.

• Develop test reports assessment artifacts and Plan of Action and Milestones (POA&Ms) to document findings and oversee resolution efforts.

• Perform Security Test and Evaluation (ST&E) assessments ensuring compliance with DoDIIS security standards.

• Review system specifications security needs and vulnerabilities.

• Develop security assessment documentation including System Security Plan (SSP) Security Assessment Report (SAR) and draft Authorization to Operate (ATO) letters.

• Conduct security assessments using automated tools and manual techniques to evaluate vulnerabilities across domains such as access control cryptography network security and incident response.

• Perform vulnerability scans analyze findings and recommend remediation strategies.

• Conduct penetration testing web application security testing wireless network assessments and social engineering exercises.

• Validate security configurations for compliance with policies and industry best practices.

• Assess regulatory compliance (e.g. GDPR HIPAA PCI DSS SOX) and develop risk mitigation strategies.

• Prepare detailed assessment reports and communicate findings to stakeholders.

• Contribute to continuous improvement initiatives for security assessment methodologies and tools.

• Share cybersecurity knowledge through training mentoring and staying updated on emerging threats and trends.

• Develop and implement automated security assessment and monitoring solutions.

• Design and maintain security architectures for cloud and onpremise systems.

• Perform secure code reviews and static/dynamic application security testing (SAST/DAST).

• Support security engineering efforts in implementing security controls and integrating security solutions within enterprise environments.

• Conduct forensic analysis and incident response investigations to identify and mitigate security threats.

• Develop security automation scripts and tools to streamline security assessment processes.

What You Will Need:

• An ACTIVE and MAINTAINED TOP SECRET/SCI federal security clearance with a Counterintelligence (CI) polygraph

• Bachelors degree

• Certification in DoD 8570.01M Cybersecurity workforce compliance with DoD Directive 8140 Cyberspace Workforce Management and IAT Level III (CASP CE CCNP Security CISA CISSP (or Associate) GCED GCIH CCSP).

• FIVE (5) or more years experience cybersecurity

What Would Be Nice To Have:

• Focus on the consistent execution and updating of organizational processes and procedures to drive SCA efforts.

• Preferred experience with briefing Senior Executive personnel.

• Solid experience conducting cyber security assessment of complex cloud systems.

• Solid experience with technologies such as Cloud Data Encryption Data Storage.

• Have a good understanding of the Intelligence Community (IC) and DIA.

• Have solid knowledge of networking technologies and protocols.

• Have solid knowledge of NIST Risk Management Framework DoD IC Cyber Security controls for Cross Domain Solutions.

What We Offer:

Guidehouse offers a comprehensive total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

• Medical Rx Dental & Vision Insurance

• Personal and Family Sick Time & Company Paid Holidays

• Position may be eligible for a discretionary variable incentive bonus

• Parental Leave and Adoption Assistance

• 401(k) Retirement Plan

• Basic Life & Supplemental Life

• Health Savings Account Dental/Vision & Dependent Care Flexible Spending Accounts

• ShortTerm & LongTerm Disability

• Student Loan PayDown

• Tuition Reimbursement Personal Development & Learning Opportunities

• Skills Development & Certifications

• Employee Referral Program

• Corporate Sponsored Events & Community Outreach

• Emergency BackUp Childcare Program

• Mobility Stipend

About Guidehouse

Guidehouse is an Equal Opportunity EmployerProtected Veterans Individuals with Disabilities or any other basis protected by law ordinance or regulation.

Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.

If you have visited our website for information about employment opportunities or to apply for a position and you require an accommodation please contact Guidehouse Recruiting ator via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.

All communication regarding recruitment for a Guidehouse position will be sent from Guidehouse email domains including @ or . Correspondence received by an applicant from any other domain should be considered unauthorized and will not be honored by Guidehouse. Note that Guidehouse will never charge a fee or require a money transfer at any stage of the recruitment process and does not collect fees from educational institutions for participation in a recruitment event. Never provide your banking information to a third party purporting to need that information to proceed in the hiring process.

If any person or organization demands money related to a job opportunity with Guidehouse please report the matter to Guidehouses Ethics Hotline. If you want to check the validity of correspondence you have received please contact . Guidehouse is not responsible for losses incurred (monetary or otherwise) from an applicants dealings with unauthorized third parties.

Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.