• FedRAMP Cloud Security Compliance - Senior Associate

    Job Locations US-MD-Annapolis Junction
    ID
    2019-3447
    Category
    Client Services
    Type
    Regular Full-Time
  • Overview

    What do you get when you bring together the brightest minds and place them into an exciting, fast-paced environment that fosters intellectual growth and rewards based on impact, not tenure?

     

    You get one of the fastest growing consulting companies in the United States. While we may be a new name in consultancy, we were born from a storied one. Guidehouse was founded in 2018 as an evolution of PwC Public Sector with a mission to help our clients deliver on their mission; providing bold new strategies that catalyze transformative results across all ends of the enterprise. We embrace brilliance. We embrace independence. Join us.

     

     

     

    Responsibilities

    Our Cybersecurity and Privacy Consultants are a team of business integrators with extensive consulting and industry experience who help our clients solve their complex business issues from strategy through execution. A Cybersecurity and Privacy consulting career may provide the opportunity to grow and contribute to our clients' business issues every day, applying a collection of security spectrum capabilities, including security strategy and governance, IT risk, security technologies, and cybercrime and breach response.

     

    The Security and Privacy Support role includes Information System Security Officer (ISSO) support activities such as, but is not limited to: creating core documents for new applications being developed (SSPs, CPs, ISRAs, PIAs) to obtain an ATO; developing Security Impact Assessments (SIAs) and presentations for the CMS Technical Review Board (TRB); and providing knowledge and support in aligning with federal security and privacy standards (NIST, FISMA, CMS ARS, etc.) to obtain an application’s ATO.

    Qualifications

    Minimum Year(s) of Experience: 5-7 years

    Minimum Degree Required: Bachelor's degree


    • Relevant Security certificate (e.g., CISSP, CAP, FITSP)
    • Experience with security industry standards (NIST 800 series, NIST FIPS, HIPAA / HITECH)
    • Extensive experience with application security
    • Extensive experience with required Certification & Accreditation (C&A) artifacts across the SDLC, including System Security Plans (SSP), Information System Risk Assessments (ISRA), Contingency Plans (CP) and Testing, Configuration Management Plans (CM), Interface Control Documents (ICD), Security Impact Assessments (SIA), Privacy Impact Assessments (PIA) and System of Records Notice (SORN), Authorization to Operate (ATO) packages,
    • Extensive experience documenting compliance descriptions in SSPs for IT Security and Privacy controls (e.g. NIST SP 800-53, etc.)
    • Experience with FedRAMP processes and requirements for applications to comply with FedRAMP
    • Knowledge and experience working with applications hosted in the Cloud, including Microsoft Azure Government and/or Amazon Web Services (AWS)
    • Experience supporting security for a system with agile software development
    • Experience or familiarity with DevSecOps principles and practices (including CICD pipeline)
    • Experience or familiarity with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) processes, tools, and findings remediation
    • Experience collaborating with developers to explain testing vulnerabilities so they can be resolved

    Desired:

     

    • Experience working in fast-paced iterative environment following agile methodology.
    • Experience with CMS Policies, Standards, Procedures and Guidelines, CMS TRA, CMS Risk Management Handbook (RMH), CMSR ARS, HIPAA policies, CMS Expedited Life Cycle (XLC) and other Information Security (IS) Standards (where applicable

     

    Security Clearance: Public Trust 

    Additional Requirements

    • This position requires successful completion of a background check and employment verification.
    • The successful candidate must not be subject to employment restrictions from a former employer (such as a non-compete) that would prevent the candidate from performing the job responsibilities as described.

     

    Disclaimer

    Guidehouse is an affirmative action and equal opportunity employer. Employment decisions will be made without regard to race, color, religion, sex, age, national origin, military status, veteran status, handicap, physical or mental disability, sexual orientation, gender identity, genetic information or other characteristics protected by law.

     

    If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.

     

    Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

     

    Benefits include:

    • Medical, Rx, Dental & Vision Insurance
    • Personal and Family Sick Time & Company Paid Holidays
    • Parental Leave and Adoption Assistance
    • 401(k) Retirement Plan
    • Student Loan Paydown
    • Basic Life & Supplemental Life
    • Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
    • Short-Term & Long-Term Disability
    • Tuition Reimbursement, Personal Development & Learning Opportunities
    • Skills Development & Certifications
    • Employee Referral Program
    • Corporate Sponsored Events & Community Outreach
    • Emergency Back-Up Childcare Program

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed