Cloud Computing Specialist

Cloud Computing Specialist

Remote

**U.S Citizenship Required**

Serves as an Information Assurance and Cloud computing SME with regards to Certification and Accreditation (C&A) and a broad coverage of the application of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) standards and guidance as outlined in the NIST Special Publication(s) (SP) 800-53 and 800-37 (Current versions).

Primary Duties and Responsibilities

• Google Cloud Platform (Google Cloud Platform) Service Management


• The CCS shall maintain current certification as a Certified Cloud Security Professional. Possesses the ability to work independently with substantial cloud computing security knowledge.


• The assessor must have the essential skillsets to identify, manage and resolve cloud computing security risk and implement "best practices" as applied within a cloud environment (across all of the different deployment and service models, and derivatives).

Other Duties and Responsibilities

• Investigates computer and information security incidents to determine extent of compromise to national security information and automated information systems.


• Defines security objectives and system-level performance requirements.


• Researches and stays abreast of tools, techniques, countermeasures, and trends in computer network vulnerabilities.


• Configures and validates secure systems, tests security products/systems to detect computer and information security weaknesses.


• Maintains the computer and information security incident, damage and threat assessment programs.


• Responsible for the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.


• Involved in the periodic conduct of a review of each system's audits and monitors corrective actions until all actions are closed.


• Designs, develops, or recommends integrated system solutions ensuring proprietary/confidential data and systems are protected.


• Involved in the establishment of strict program control processes to ensure mitigation of risks and supports obtaining certification and


• accreditation of systems.


• Reviews processes and security protocols and makes recommendations for increased cyber security protection

Minimum Qualifications

• U.S Citizen

• Bachelor's Degree in Computer Science or a related field.


• The CCS must be well versed in FedRAMP assessment methodology of security and privacy controls deployed in cloud information systems to include six (6) domain areas. The six domains include:




• Architectural Concepts & Design Requirements


• Cloud Data Security


• Cloud Platform & Infrastructure Security


• Cloud Application Security


• Operations


• Legal & Compliance Minimum Qualifications:




• Five (5) years of relevant C&A experience; Risk Management Framework (RMF) and NIST C&A experience


• DOD IA experience


• Experience in assessing IA Controls and conducting C&A reviews for large, complex Information systems

Security Clearance

• Active Secret level clearance


• Sensitivity Level: IT-I Critical Sensitive

Certifications:

• Computing Environment: IAT II or IAT III (Security+ or similar)


• 01-M Baseline Certification: One of the following Azure or AWS cloud-based certification per DLA Approved CE list




• AWS Certified Security - Specialty


• AWS Certified Solutions Architect - Associate AWS Certified Solutions Architect - Professional Microsoft Certified: Azure Administrator Associate


• Microsoft Certified: Azure Solutions Architect Expert Microsoft Certified Azure Security Engineer Associate

Other Job Specific Skills

• Must be able to communicate effectively and clearly present technical approaches and findings.


• Exercises a limited degree of latitude in determining technical objectives of assignments.


• Excellent attention to detail.


• Must be able to balance multiple tasks simultaneously.


• Advanced knowledge of encryption, vulnerability assessment, penetration testing, cyber forensics, intrusion detection, and incident response and remediation.