Cloud Senior Security Risk Analyst

Job: Cloud Senior Security Risk Analyst

Key Responsibilities
Conduct cloud security risk assessments and compliance evaluations in AWS environments.
Analyze and improve Identity and Access Management (IAM) configurations across enterprise cloud systems.
Monitor cloud infrastructure using Splunk, AWS Security Hub, and other SIEM/SOAR tools.
Translate complex technical findings into business risk for executive audiences.
Collaborate with security architects, engineers, and compliance teams to remediate vulnerabilities and implement controls.
Support ATO documentation and audit readiness for systems under FedRAMP and CMS security guidelines.
Participate in Agile sprints to evaluate cloud configurations and support secure DevSecOps practices.
Lead and document system-level risk analysis and decisions.

Required Qualifications
5+ years in information security, including 2+ years in cloud risk analysis or compliance.
Experience with AWS services and IAM policies (MFA, RBAC, least privilege).
Strong working knowledge of NIST 800-53 and FedRAMP frameworks.
Proficiency in Splunk for log analysis, threat hunting, and dashboarding.
Familiarity with AWS-native security tools (e.g., GuardDuty, Config, Access Analyzer).
Hands-on experience working within an Agile development or DevSecOps environment.
Excellent communication skills and ability to advise cross-functional teams.

Nice to Have
Prior experience supporting CMS, CBIC, or other federal healthcare IT programs.
Understanding of HIPAA and HHS cybersecurity policies.
Relevant certifications: CISSP, CCSP, CRISC, or AWS Security Specialty.
Familiarity with control implementation documentation (SSPs, SARs, POA&Ms).
Experience in conducting independent audits of cloud systems and providing risk-based recommendations.