FedRamp Validator & Sr ISSO
Posted 2025-04-22

ECS is seeking a FedRAMP Validator & Sr. ISSO to work in our Remote or National Capital Region office. Please Note: This position is contingent upon [additional funding].
FedRAMP Validator
- Serve as a FedRAMP Validator as part of the DISA Joint Validation Team (JVT), in one or more FedRAMP Provisional Authority (PA) pursuits. Anticipate 1 to 2 FedRAMP PA pursuits, which will be approximately 20% of the time.
- Collaborate with the DISA JVT Lead, Cloud Service Provider (CSP) and the Third-Party Assessment Organization (3PAO).
- Validate the 3PAO assessment and provide input for information exchange meetings.
- Review CSP comments and responses with the 3PAO for adjudication.
- Work with the DISA JVT Lead to establish schedules and completion timelines.
- Assess and validate the compliance of implemented controls.
- Ensure compelling evidence is mapped to applicable security controls.
- Review documentation for completeness and structural thoroughness.
- Review system architecture to develop an understanding of authorization boundaries and data flows.
- Review trusted connections and remote access activities.
- Provide documentation review comments to the JVT Lead in the Enterprise Mission Assurance Support Service (eMASS) system or via other media.
- Meet weekly, or daily if needed, with the DISA JVT Lead, CSP and 3PAO.
Senior ISSO
- Serve as a principal ISSO to one or more Boundary/System Owners and ISSMs on all matters (technical or otherwise) involving security. Anticipate 80% of the time will be dedicated to ISSO services.
- Provide Risk Management Framework (RMF) support to assigned DMDC/DHRA Information Systems, ensuring that System/Product Owners maintain an appropriate operational cybersecurity posture.
- Promote the DHRA/DMDC Risk Management Framework maturity.
- Ensure control assurance for the given systems' Common and Inherited Controls and Reciprocity.
- Ensure systems are operated, used, maintained, and disposed of in accordance with DMDC and DHRA security policies and practices.
- Determine information security requirements by evaluating DHRA/DMDC business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; assessing industry architectures/platforms and their relative security benefits; and identifying architecture/platform integration issues that prevent the strongest possible security posture.
- Monitor compliance and conduct partial or full Control Assessments for a given boundary, as requested.
- Understand, review and provide guidance for any artifact, such as but not limited to Data Flow Diagrams, Network Diagrams, Internal/External connections, configuration logs, security and monitoring logs, etc.
- STIGs: Utilize the assigned tool, such as eMASSTER, to generate STIG results and assigned actions for remediation.
- POA&Ms: Develop and track compliance for new and existing POA&Ms for a given boundary's identified weaknesses or findings. Review POA&M status at the prescribed frequency, and engage staff members across the enterprise to ensure POA&M dates are achieved on time and are documented in eMASS.
- Manage ServiceNow ticket queues for the cybersecurity Risk Management Branch and review/validate user access rights.
- Create presentations and/or metrics as requested. Create weekly, monthly and in-progress review presentations, as needed. Create and/or maintain documents.
Salary Range: $150,000-$190,000
General Description of Benefits
- Must be a US citizen per contract, possess a Secret Clearance, and be willing to acquire and maintain a DoD Top Secret clearance if requested.
- Bachelor's degree in computer science, cybersecurity, information security, or a similar discipline AND 5+ years of cybersecurity experience in support of the DoD or other federal clients. Education/Experience substitution allowable.
- Active DoD 8570 certification minimum compliance, including at least one of the following certifications in good standing: CASP+ CE, CISSP, Security+.
- Firm understanding of the DISA FedRAMP Validator process.
- Firm understanding of the NIST Special Publications, DoD Risk Management Framework (RMF) processes and NIST 800-53 security controls.
- 5+ years of experience as an ISSO, ISSM, SCA, or RMF Auditor.
- Broad technical knowledge is required in order to review DISA Security Technical Implementation Guides (STIGs).
- Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders.
- Capacity to thrive in a complex, fast-paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions.
- Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk.
- Knowledge of DoD cybersecurity policies, practices, and requirements.
- Excellent written and verbal skills are required.