Description

Gray Analytics is seeking a Senior Cloud Information System Security Officer (ISSO) / Senior Cloud Security Engineer to support a Federal Government customer in designing, securing, and sustaining enterprise cloud environments. The successful candidate will serve as the cybersecurity technical lead responsible for implementing Risk Management Framework (RMF) activities, cloud security engineering, continuous monitoring, and accreditation support across hybrid and cloud-hosted information systems.

This position requires extensive experience with federal cybersecurity regulations, cloud security architectures, and security engineering principles supporting mission-critical systems.

Responsibilities
• Serve as the senior cybersecurity advisor supporting government cloud initiatives.
• Lead RMF implementation throughout the system lifecycle in accordance with NIST SP 800-37.
• Develop and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, Contingency Plans, and related RMF artifacts.
• Design and implement secure cloud architectures within AWS, Azure, or Azure Government environments.
• Develop security architectures aligned with Zero Trust Architecture (ZTA), FedRAMP, DoD Cloud Computing SRG, and CISA guidance.
• Lead vulnerability identification, risk analysis, and mitigation activities.
• Coordinate security assessments, penetration testing, and authorization activities with government Authorizing Officials and Security Control Assessors.
• Manage continuous monitoring programs and oversee vulnerability remediation efforts.
• Review security event data from SIEM platforms and coordinate incident response activities.
• Provide cybersecurity guidance to system administrators, cloud engineers, developers, and DevSecOps teams.
• Support audits and inspections from internal and external organizations.
• Mentor junior ISSOs and cybersecurity personnel.
• Prepare executive-level cybersecurity briefings, status reports, and recommendations.

Requirements

Required Qualifications:
• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related discipline.
• 10+ years of information assurance, cybersecurity, or cloud security experience.
• Minimum of 5 years supporting Federal Government RMF programs.
• Experience securing cloud-hosted environments (AWS, Azure, or Azure Government).
• Security+
• Extensive knowledge of:
o NIST 800-37
o NIST 800-53 Rev. 5
o FISMA
o FedRAMP
o Zero Trust principles
o Security engineering best practices
• Experience with SIEM technologies, vulnerability management platforms, endpoint protection, and cloud-native security tools.
• Strong experience with POA&M management and continuous monitoring.
• Excellent written and verbal communication skills.
• Active Public Trust required.
• Ability to obtain and maintain a Secret Clearance.

Desired Qualifications:
• CISP
• CISM
• CCSP
• AWS Certified Security - Specialty
• Microsoft Azure Security Engineer Associate
• Experience supporting DOJ, DHS, DoD, or other Federal Civilian agencies.
• Experience supporting DevSecOps and Infrastructure as Code security.
• Technical leadership
• Strategic thinker
• Strong customer engagement
• Ability to mentor junior personnel
• Excellent analytical and problem-solving abilities