Description

SAIC is seeking a remote FedRAMP / Cyber Compliance Analyst. This is in support of the Department of Health and Human Services (HHS) cybersecurity mission to ensure HHS can actively protect the vital health information with which it is entrusted, respond to existing and emerging cybersecurity threats, and continue to enhance the program to ensure HHS has the capability and capacity to respond to new and emerging requirements, technologies and threats.

Responsibilities:

• Lead Cloud Service Providers (CSP) through the FedRAMP ATO process.
• Assist the HHS FedRAMP team identifying vulnerabilities and risks to CSP accreditation.
• Review CSP FedRAMP packages (System Security Plan, Authorization Boundary, Data Flow and other diagrams) ahead of full assessments.
• Assure CSP FedRAMP Boundary components in customer deployments are accurately described and implanted based on the appropriate FedRAMP security controls .
• Coordinate with internal stakeholder engineering teams to demonstrate the implementation of security compliance control implementations for technical, management, and operational requirements.
• Provide oversight on the independent initial and annual security audit of the security controls to ensure compliance with cloud requirements and governance models.
• Support the development of technical material, operational processes, security policies, and other core documents for the HHS FedRAMP team.
• Meet task deliverable metrics.
• Manage the Continuous Monitoring of the CSPs through Plans of Action and Milestones (POA&Ms) and monthly ConMon meetings.
• Reviewing IT security measures and safeguarding the information resources of the enterprise to maintain integrity, confidentiality, and availability of data/application.
• Leverage internal security operations procedures for efficient operation and protection of cloud application while maintaining security integrity.
• Assisting the Team Lead and FedRAMP SME with overall operations for executing projects involving scoping, initiating, high level design & architecture, resource mobilization and execution within cost & time parameters.

Qualifications

Required Qualifications:

• Experience and familiarity with cloud data security (FISMA/FedRAMP compliance).
• Bachelors degree and 5+ years of experience or an additional 4 years of experience in lieu of a degree.
• Direct FedRAMP experience.
• Strong understanding of Cloud computing models, architecture, design, and security evaluation.
• Extensive experience with vulnerability management and Plans of Action and Milestones (POA&Ms), with Privacy Impact Assessments, and security categorizations.
• Writing technical documentation and knowledge of Cloud and Security concepts.
• Technical experience related to FIPS 199, NIST SP 800-37, NIST SP 800-53 REV 4, FISMA/NIST A&A.
• Understanding of the role of Third-party Assessment Organizations (3PAO).
• Experience with and knowledge of: National Institute of Standards and Technology (NIST) standards Strong governance, risk and compliance experience, Cloud Computing Security Requirements Guide (SRG).
• Experience with public cloud solutions (AWS, Google, and Azure).
• Proven ability to work with clients, business partners and suppliers.
• 2+ years direct FedRAMP experience preferred.

Education: Bachelor's Degree in a relevant field or 4 years of additional experience in lieu of a degree.

Certification: IAT Level I Certification(s) or above desired.

Clearance: Must be a U.S. Citizen with the ability to obtain and maintain a Public Trust clearance.

Target salary range: $115,001 - $125,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.

SAIC accepts applications on an ongoing basis and there is no deadline.

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.