FedRAMP Validator & Sr. ISSO at ECS Corporate Services in Fairfax, Virginia

Job Description:

ECS is seeking a FedRAMP Validator & Sr. ISSO to work in our Remote or National Capital Region office. Please Note:
This position is contingent upon [additional funding].




Job Description:

• FedRAMP Validator
• Serve as a FedRAMP Validator as part of the DISA Joint Validation Team, in one or more FedRAMP Provisional Authority (PA) pursuits. Anticipate 1 to 2 FedRAMP PA pursuits, which will be approximately 20% of the time.
• Collaborate with DISA JVT Lead, Cloud Service Provider (CSP) and the Third-Party Assessment Organization(3PAO)
• Validate 3PAO assessment and provide input for information exchange meetings.
• Review CSP comments and responses with 3PAO for adjudication.
• Work with the DISA JVT Lead to establish schedules and completion timelines.
• Assess and validate the compliance of implemented controls.
• Ensure compelling evidence mapped to applicable security controls.
• Review documentation for completeness and structural thoroughness.
• Review system architecture to develop an understanding of authorization boundaries and data flows.
• Review trusted connections and remote access activities.
• Provide documentation review comments to the JVT Lead in the Enterprise Mission Assurance. Support Service (eMASS) system or via other media.
• Meet weekly, or daily if needed, with the DISA JVT Lead, CSP and 3PAO.
• Senior ISSO
• Serve as a principal ISSO to one or more Boundary/System Owner and ISSM on all matters (technical or otherwise) involving the security. Anticipate 80% of the time will be dedicated to ISSO services.
• Provide Risk Management Framework (RMF) support to assigned DMDC/DHRA Information Systems; ensuring that System/Product Owners maintain an appropriate operational cybersecurity posture.
• Promote the DHRA/DMDC Risk Management Framework maturity
• Ensure control(s) assurance for the given systems' Common and Inherited Controls and Reciprocity
• Ensure systems are operated, used, maintained, and disposed of in accordance with DMDC and DHRA security policies and practices
• Determine information security requirements by evaluating DHRA/DMDC business strategies and requirements, researching information security standards; conducting system security and vulnerability analyses and risk assessments, assessing industry architectures/platforms and relative security benefits, and identifying architecture/platform integration issues that prevent the strongest possible security posture.
• Monitor compliance and conduct partial or full Control Assessments for a given boundary, as requested
• Understand, review and provide guidance for any artifact, such as but not limited to Data Flow Diagrams, Network Diagrams, Internal/External connections, configuration logs, security and monitoring logs, etc.,
• STIGS: Utilize the assigned tool, such as eMASSTER to generate STIG results, and assigned actions for remediation
• POA&Ms: Develop and track compliance for new and existing POA&Ms for a given boundary's identified weaknesses, or findings. Review POA&M status at the prescribed frequency, and engage staff members across the enterprise to ensure POA&M date are achieved on time and are documented in eMASS
• Manage ServiceNow ticket queues for cybersecurity Risk Management Branch and review/validate user access rights
• Create presentations and or metrics as requested. Create weekly, monthly and in-progress review presentations, as needed. Create and or maintain document

Salary Range: $150,000-$190,000

General Description of Benefits



Required Skills:

• 
  Must be a US citizen per contract, possess a Secret Clearance, and be willing to acquire and maintain a DoD Top Secret clearance if requested.
  
• 
  Bachelor's degree in computer science, cybersecurity, information security, or similar discipline AND 5+ years of cybersecurity experience, in support of the DoD or other federal clients. Education/Experience substitution allowable.
  
• Active DoD 8570 certification minimum compliance, including at least one of the following certifications in good standing: CASP+ CE, CISSP, Security+.
• Firm Understanding of the DISA FedRAMP Validator Process.
• Firm understanding of the NIST Special Publications, DoD Risk Management Framework (RMF) processes and NIST 800-53 security controls.
• 5+ years of experience as an ISSO, ISSM, SCA, or RMF Auditor.
• Broad technical knowledge is required in order to review DISA Security Technical Implementation Guides (STIGs).
• Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders.
• Capacity to thrive in a complex, fast paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions.
• Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk.
• Knowledge of DoD cybersecurity policies, practices, and requirements.
• Excellent written and verbal skills are required.

Desired Skills:


Prior Navy Validator Experience.

Prior DMDC or DHRA experience.

ISSM and or CISM experience.


Top Secret Clearance.


Ability to be self-managing and self-directing.

Experience working with network infrastructure components, operating system platforms, cloud technologies, security tools, software development, and database technologies.


ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, sex, age, sexual orientation, gender identity or expression, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, status as a crime victim, disability, protected veteran status, or any other characteristic protected by law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.


ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.


General Description of Benefits



Apply Now