Job Family:Cyber Consulting
Travel Required:Up to 10%
Clearance Required:Ability to Obtain Public Trust
What You Will Do:The Cloud Security & Authorization Technical Analyst provides deep technical expertise in securing, engineering, and independently assessing federal cloud environments. This role blends hands on cloud security engineering with Assessment & Authorization (A&A), Independent Verification & Validation (IV&V), and third party assessment support to ensure cloud platforms meet federal security, risk, and compliance requirements.
This position serves as a technical authority supporting FedRAMP based cloud authorizations, agency specific control implementations, and independent assessments while advising government stakeholders on secure cloud architecture and risk posture.
Key Responsibilities- Provide technical cloud security leadership for Assessment & Authorization (A&A) activities across IaaS, PaaS, and SaaS cloud environments aligned to NIST RMF and FedRAMP.
- Perform detailed technical reviews of cloud architectures, configurations, and security control implementations to validate compliance with NIST SP 800 53 and agency security requirements.
- Support and execute independent assessment or IV&V activities, including readiness reviews, control validation, and Security Assessment Report (SAR) development.
- Analyze Cloud Service Provider (CSP) FedRAMP packages (P ATO) and advise on agency specific control inheritance, shared responsibility models, and residual risk.
- Develop and review RMF artifacts including SSPs, control implementation matrices, SARs, POA&Ms, risk acceptance documentation, contingency plans, BIAs, PIAs, and ISAs.
- Conduct interviews and technical walkthroughs with system engineers, ISSOs, CSPs, and service providers to validate control implementation effectiveness.
- Support third party assessment (3PAO) coordination and provide technical quality assurance of assessment deliverables.
- Advise stakeholders on secure cloud design, compensating controls, and remediation strategies to address identified risks.
- Support IT audit and IV&V activities related to cloud security controls, evidence validation, and findings remediation.
- Contribute to cloud security standards, SOPs, and reusable authorization patterns to improve efficiency and consistency.
What You Will Need:- Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY and maintain an active HHS/NIH clearance are preferred.
- Minimum of TWO (2) years experience securing and engineering cloud platforms in federal or regulated environments.
- Demonstrated expertise implementing and validating cloud security controls aligned to NIST RMF and FedRAMP.
- Hands on experience reviewing or performing independent assessments, IV&V, or third party security assessments.
- Deep understanding of shared responsibility models, control inheritance, and cloud risk management.
- Experience developing and reviewing RMF documentation and SARs.
- Ability to translate complex cloud engineering concepts into clear risk and compliance narratives.
- Strong collaboration skills across engineering, security, compliance, and government teams.
What Would Be Nice To Have:- Experience with AWS, Azure, or GCP cloud security architectures in FedRAMP authorized environments.
- Prior experience supporting or acting as a 3PAO, IV&V team member, or independent assessor.
- CISSP, CCSP, AWS/Azure Security Specialty, or similar certification.
- Experience assessing CI/CD pipelines, IaC, containerized environments, or Zero Trust architectures.
- Experience supporting high impact or financial systems within federal agencies.
- Familiarity with ServiceNow, eCase, or automated GRC platforms.
The annual salary range for this position is $85,000.00-$141,000.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.
What We Offer:Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Benefits include:
- Medical, Rx, Dental & Vision Insurance
- Personal and Family Sick Time & Company Paid Holidays
- Position may be eligible for a discretionary variable incentive bonus
- Parental Leave and Adoption Assistance
- 401(k) Retirement Plan
- Basic Life & Supplemental Life
- Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
- Short-Term & Long-Term Disability
- Student Loan PayDown
- Tuition Reimbursement, Personal Development & Learning Opportunities
- Skills Development & Certifications
- Employee Referral Program
- Corporate Sponsored Events & Community Outreach
- Emergency Back-Up Childcare Program
- Mobility Stipend
