Role: Cloud Risk Analyst
Location: Washington, DC (Remote for now)
Clearance: Must be a with the ability to obtain a Public Trust
Email: If interested, please send an updated resume to Rebeca at
The Cloud Risk Analyst shall provide the organization risk guidance on existing and emerging cloud technologies with the following tasks:
• Evaluate cloud technologies and determine risk of technology architecture, implementation and suitability for the Government. This may require interaction with vendors to gather product security features, research vulnerabilities/weaknesses, and provide implementation recommendations to Senior Management.
• Support the Government's A&A strategy for Cloud based systems.
o Provide technical writing support and guidance to system owners in the development, and technical review of System Security Plans (SSPs).
o Conduct in-depth technical security reviews, risk assessments, and architecture reviews for Cloud based technologies to ensure alignment with Government information security policies and technical guidelines.
o Develop recommendations for decision briefs for Senior Management to use in making ATO and other security decisions.
• Provide technical guidance in the development and revision of Government information security policies to incorporate Cloud technologies.
• The Cloud Risk Analyst shall provide risk management guidance and advisement to Government teams for emerging technologies to include new cloud, mobile and desktop application work products.
• Provide analysis and reporting via a CASB tool on the cloud products currently in use at the Government to include high-risk services, data usage, and threats.
•Bachelor's degree in a related field and 2-3 years of Cloud Technologies. In lieu of a bachelor's degree, at least four (4) years of IT security experience with emphasis on Cloud Technologies is required.
•Knowledge and expertise in cloud computing, virtualization, Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Software as a Service (SaaS).
•Demonstrated experience in conducting technical risk assessments for various Cloud platforms.
•Experience working with Cloud Security Alliance (CSA) guidelines and security guidance from the National Institute of Standards and Technology (NIST) to include SP-800-53A: Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans, NIST SP 800-144: Guidelines on and Security and Privacy in Public Computing Cloud, NIST SP 800-145: The NIST Definition of Cloud Computing, NIST SP 800-146: Cloud Computing Synopsis and Recommendations; Federal Risk and Authorization Management Program (FedRAMP) security control baselines and security guides.
•Demonstrated understanding and/or experience of various Cloud environments.
•Demonstrated experience supporting a CASB tool.
•Strong familiarity with FedRAMP and Federal Cloud guidelines.
•Achievement of CCSP (Certified Cloud Security Professional), CISSP (Certified Information Systems Security Professional) and/or CRISC (Certified in Risk and Information Systems Control) certification(s) a plus.
•Ability to effectively communicate both orally and in writing (to include technical documentation).
•Ability to communicate effectively with technical and non-technical users.
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or