Leidos is seeking a Cloud Security Assessor at Fort Meade, MD to provide Cloud Authorization support to Cloud Service Providers (CSPs). This position is primarily on-site, but partial telework may be available at the discretion of our customer and program management. Some travel may be required.
Responsibilities:
- Review and analyze Deviation Requests, including validations or justifications for findings; Monthly One Pagers describing the cybersecurity status of Cloud Service Offerings (CSOs); Annual Assessments of mandatory and selected controls; weekly Playbooks detailing ConMon status for specific CSOs; Security Change Requests (SCRs) for new capabilities; vulnerability scan data; POA&Ms; and other updates impacting the risk posture of CSPs
- Create and maintain Monthly One Pagers and weekly Playbooks to communicate the evolving cybersecurity posture of assigned CSOs
- Support DoD and FedRAMP monitoring programs by ensuring oversight of CSPs through a risk-based approach that provides Authorizing Officials (AOs) with actionable insights into the CSP environment's risk profile
- Conduct recurring assessments and validations to ensure that implemented security controls meet DoD and FedRAMP compliance requirements
- Monitor the effectiveness of system risk safeguards and security controls using a proactive, risk-based continuous monitoring strategy
- Maintain ongoing visibility into CSP applications and devices to support risk-informed decision-making and ensure alignment with authorized risk thresholds
- Support CSP architectural reviews to enable timely mitigation and improve situational awareness through a risk-based approach to network visibility
- Apply integrated risk management and security assessment processes to identify and recommend corrective actions based on potential threats or weaknesses
- Verify that CSPs perform vulnerability scans on all required controls in accordance with DoD and FedRAMP guidelines
- Track and review monthly submissions of POA&Ms, vulnerability scans, SCRs, deviation requests, and Playbooks to ensure compliance with FedRAMP and DoD continuous monitoring requirements
- Contribute to efforts that streamline and reduce government investment in time, cost, and resources for ConMon activities across cloud systems
- Participate in conducting Annual Assessments in accordance with DoD and FedRAMP standards
- Provide compliance assessments and risk analyses for CSOs in support of annual reviews, extension and change requests, and directives such as Binding Operational Directives (BODs) and Emergency Directives (EDs), including developing supporting documentation, recommendations, reports, and presentations
- Assist with documenting and maintaining continuous monitoring standards and frameworks for ongoing use, and maintain all ConMon-related documentation and changes in control implementation status in eMASS or the government-designated GRC system
Requirements:
- Bachelor's degree (IT-related field preferred) and five (5) years of experience in a cybersecurity or network security position, including 2 years supporting cloud security assessments under DoD, FedRAMP, or NIST frameworks. Additional relevant experience may be considered in lieu of degree.
- Active DoD Top Secret clearance with SCI eligibility required
- DoD 8570 IAM II or IAT II certification
- Strong understanding of RMF, NIST SP 800-53 controls, and FedRAMP ConMon requirements
- Experience reviewing Deviation Requests, SCRs, POA&Ms, vulnerability scans, and related artifacts
- Familiarity with creating and reviewing Playbooks, Monthly One Pagers, and Annual Assessment documentation
- Skilled in analyzing scan data and assessing risk posture across cloud-based environments
- Working knowledge of vulnerability scanning tools (e.g., Nessus, Qualys) and cybersecurity monitoring platforms
- Experience with GRC systems such as eMASS for uploading and managing compliance documentation
- Strong technical writing and communication skills to develop reports, risk summaries, and AO briefings
- Able to prioritize tasks independently while supporting cross-functional cybersecurity efforts
- Ability and willingness to travel for assessments as required
Original Posting:
July 8, 2025
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:
$67,600.00 - $122,200.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.