xRAMP Advisory, Senior Consultant

Job Description

• Serving as the technical security and compliance subject matter expert on FedRAMP advisory engagements
• Driving discussions with clients regarding key, complex, and technical FedRAMP areas (e.g., container security, boundary protection, FIPS 140-2 Validated encryption, phishing resistant MFA, DNSSEC, and DMARC)
• Analyzing system boundaries and advising clients in accordance with FedRAMP boundary guidance
• Providing technology-specific guidance and advice for commonly used Cloud platforms (e.g., AWS, Azure, GCP, etc.) and technologies (e.g., Windows, Unix, Docker, Kubernetes, etc.)
• Explaining FedRAMP-defined requirements and conventions (e.g., rules that are not formally documented but are widely accepted and enforced) and helping cloud service providers apply them to specific environments
• Identifying control gaps and providing comprehensive recommendations and guidance for client remediation including technical solution and tool options for network protection; MFA; vulnerability scanning; configuration management; malware, intrusion, file integrity, and allow-list monitoring; log correlation and analysis (SIEM); etc.
• Advising clients on navigating FedRAMPs authorization processes, including timelines and Continuous Monitoring (ConMon) expectations
• Performing quality assurance reviews of FedRAMP-required System Security Plans (SSP) and policies and procedure documentation and developing technical content for a subset of the most complex controls and SSP Appendices (e.g., Cryptographic Modules Table)
• Helping clients plan for, establish, and execute regular ConMon processes and providing subject matter guidance on complex ConMon reporting issues, including risk acceptance requests, vulnerability downgrades, configuration deviations, etc.
• Training and mentoring team members on FedRAMP requirements, cloud architectures, DevSecOps, and security tools and technologies

• 7-10+ years of progressive experience in technical security assessment/audit or advisory and/or security/cloud engineering with a compliance focus
• 5+ years experience as a FedRAMP assessor and/or advisor
• Bachelors degree in computer science, information systems or a related discipline
• Current knowledge of and experience with FedRAMP (rev. 5) requirements and expert-level knowledge of NIST 800-53 control families
• Widespread understanding of commonly used cloud providers, platforms, cloud technologies and security tools
• Proven skills as a professional services advisor providing direction and input to diverse clients
• Effective communication skills, both interpersonal and written, for both deep-in-the-weeds technical matters and higher-level general concepts
• Flexibility to work independently or as a part of a larger team
• Demonstrated competence: general security certification (CISSP, CISA, GIAC GSNA, or CAP/CGRC), cloud certification (CCSP, CCSK, CCAK), and/or hyperscale cloud certifications (like AWS Solutions Architect Professional or AWS Certified Security - Specialty)

Visit Original Source: