AGE Solutions is looking for a
Cloud SCA-R, Mid, to join our team in support of a cybersecurity risk management and assessment program with our DoD customer. In this role, you will be part of a team responsible for performing analysis, conducting independent validations of assessments, and Continuous Monitoring (ConMon) for authorized CSPs and CSOs.
Individuals in this role must be available to work full-time on-site at Ft. Meade, MD.
Essential Duties and Responsibilities Include: - Conduct cybersecurity assessments and validations of Cloud Service Offerings (CSOs) in support of the DoD Provisional Authorization (PA) process
- Prepare 30 Cloud Security Assessment Packages per year, including validated cybersecurity controls, certifier's recommendations, and residual risk statements
- Review Cloud Service Provider (CSP) documentation packages, including architectural diagrams, System Security Plans (SSP) with Addendums, Readiness Assessment Reports (RAR), Security Assessment Plans (SAP), and Security Assessment Reports (SAR)
- Evaluate supporting materials such as POA&Ms, Change Requests, Extension and Deviation Requests, Whitelist Requests, Corrective Action Plans, and applicable templates, checklists, and Continuous Monitoring (ConMon) artifacts
- Attend technical kickoff meetings to evaluate and document the CSP's security posture and readiness for assessment
- Analyze and provide feedback on assessment documentation, including the RAR, SAP, SSP, and system architecture diagrams
- Identify and document the operational impact of security authorizations, changes, or identified vulnerabilities within the CSP's environment
- Develop complete Cloud Security Assessment Packages in accordance with DoD standards, ensuring inclusion of SARs, POA&Ms, and Deviation Requests
- Create authorization recommendation memorandums summarizing compliance with DoD cybersecurity controls, technical evaluation results, and residual risk considerations
- Draft DoD PA memorandums outlining CSO boundary definitions, service offerings, authorization duration, terms and conditions, DoD usage considerations, and follow-on actions
- Validate implementation of CSO controls within eMASS or a government-provided GRC platform, and log assessment completion in the Mission Security Review (MSR)
- Review the Customer Responsibility Matrix (CRM) and ensure correct inheritance mapping within eMASS or the designated GRC tool
- Enter all authorization conditions into eMASS as system-level POA&Ms and monitor for timely resolution
- Upload and associate all CSP documentation with applicable security controls in eMASS or the appropriate system of record
- Track and manage all CSO-related data using the Team Lead Resource (TLR) Assessment Database
- Maintain and update the DoD Cloud Process Guide and associated templates, forms, checklists, and documentation
- Contribute to the development of internal instructions, how-to guides, and reference material to support consistent assessor workflows
- Ensure assessment activities are conducted in compliance with DoDI 8510.01 and the DoD Cloud Computing Security Requirements Guide (SRG)
- Document assessment methodologies and validation best practices to continuously improve assessment accuracy, consistency, and process efficiency
- Support the ongoing development and annual updates of the DoD Cloud Assessment Process Guides in alignment with evolving policy and government directives
Required Qualifications: - Education:
- Bachelor's degree (IT-related field preferred)
- Experience:
- Five (5) years of overall experience in cybersecurity or network security position
- Security Clearance:
- Must have an active DoD Top Secret clearance with SCI eligibility
- Certifications:
- DoD 8570 IAM/IA Technical (IAT) Level II certification
- Skills and Knowledge:
- Working knowledge of DoD Risk Management Framework (RMF) and DoDI 8510.01
- Familiarity with the DoD Cloud Computing Security Requirements Guide (SRG) and associated cloud security policies
- Familiarity with security controls for Azure, AWS, and assorted cloud platforms
- Experience conducting security assessments and developing security documentation (e.g., SSP, SAR, POA&M, SAP)
- Proficiency with eMASS or equivalent Government Risk and Compliance (GRC) tools
- Demonstrated ability to interpret and apply NIST SP 800-53 security controls in cloud environments
- Strong analytical and technical writing skills with the ability to communicate complex topics clearly
- Location:
- Applicants must reside within a commutable distance of Ft. Meade, MD in order to work onsite full time.
The projected salary range for this position is $100,000+ annually. Final compensation will be determined based on factors including years of relevant experience, active security clearance level, certifications, technical skillset, contract requirements, and overall qualifications.