xRAMP assessment, Consultant

Company:
SecureIT
Location:
Reston, VA, 20190
Posted:
May 10, 2024

Description:

Job Description

xRAMP Assessment - Consultant

SecureIT is a leading provider of cybersecurity, cloud and compliance advisory services. We are committed to quality and the relationships that we build with our clients.

At SecureIT, you will work alongside industry experts, tackling complex challenges to educate, guide and protect our clients. We foster an environment of continuous learning, professional growth and collaboration. SecureIT offers an exciting and rewarding career path with an excellent benefits package.

Reach out today if you're ready to join our impactful team!

We are currently hiring a Consultant as part of our xRAMP Assessment team.

Responsibilities include but are not limited to:

Assessing NIST 800-53 Rev 5 controls against FedRAMP baselines

Assessing NIST 800-53 control categories

Reviewing client documentation for completeness and accuracy in addressing FedRAMP controls

Developing interview questions and interviewing clients based on assigned controls

Testing assigned controls based on artifacts provided/obtained

Documenting assessment results/findings for assigned controls in the Test Case Workbook

Updating secure repository status for assigned controls

Responding to client questions/comments related to assigned controls

Escalating assessment findings and/or client issues to project lead upon discovery

Assisting with project coordination

Assisting with development of Security Assessment Plan, Risk Exposure Table, and Security Assessment Report

Providing technical guidance to less experienced assessors

Updating timekeeping/project resourcing tool with appropriate hours worked and tasks completed

Requirements:

5+ years of progressive experience in technical security assessment in a professional services capacity including 2+ years of experience with FedRAMP

Excellent oral and written communication skills for deep technical matters and higher-level general concepts

Bachelor's degree in Computer Science, Information Systems, Cybersecurity or a related discipline

Current knowledge of and experience with FedRAMP (Rev. 5) requirements and strong knowledge of NIST 800-53 control families

Strong analytical skills

Widespread understanding of cloud computing technologies

In-depth experience assessing (or advising on) architectures, configurations, and technical cyber/compliance best practices

Must have the Certified Information System Security Professional (CISSP) certification along with one of the following:

- CompTIA Advanced Security Practitioner (CASP+) Continuing Education (CE)

- GIAC Certified Enterprise Defender (GCED)

- GIAC Certified Incident Handler (GCIH)

- GIAC Security Leadership (GSLC)

- Certified Information Systems Auditor (CISA)

- Certified Information Security Manager (CISM)

- Certified Cloud Security Professional (CCSP)

- CISSP-Information Systems Security Architecture Professional (CISSP-ISSAP)

- CISSP-Information Systems Security Engineering Professional (CISSP-ISSEP)

- CISSP-Information Systems Security Management Professional (CISSP-ISSMP)

- CyberSec First Responder (CFR)

- Certified Chief Information Security Officer (CCISO)

In addition to the above required certifications, successful completion of the BCR (Baltimore Cyber Range) is preferred.
