System Engineer

Freedom Technology Solutions Group is looking for a Cloud Engineer to accelerate mission delivery and connect mission partners with the power of commercially-driven cloud computing. The team brings multi-cloud solutions to mission environments, supporting cloud services providers (CSPs), and offering cloud services across multiple networks. In this role, the ideal candidate manages security assessment, security compliance, change management, and continuous monitoring responsibilities across four (4) cloud service providers: Amazon Web Services, Google Cloud, Oracle Cloud, and Microsoft Azure.

The Contractor shall ensure that all development and modifications to existing Sponsor applications comply with Sponsor's security and architectural policies and regulations. The Contractor shall be required to communicate and collaborate across organizational boundaries, to include other contractor teams. The Contractor shall be required to work with Sponsor staff and contractor personnel as well as external stakeholders. The Sponsor will direct priorities and delegate tasks.

Responsibilities:

•  Assess cloud security technologies for security gaps and weaknesses according to industry standards.
• Review cloud security body of evidence packages for completeness and accuracy.
• Facilitate TEMs with cloud service providers to review cloud service architectures.
• Provide project management support including project planning, task tracking, milestone management, and resource coordination.

Technical Requirements:

• Manage security assessment, security compliance, change management, and continuous monitoring activities, including associated program management functions, across four (4) CSPs: AWS, Google Cloud, Oracle Cloud, and Microsoft Azure.
• Assess cloud security technologies for security gaps and weaknesses according to industry standards.
• Analyze security scan findings and perform risk analysis on the findings.
• Review cloud security body of evidence packages for completeness and accuracy.
• Collaborate with other internal components and security peers to determine security and potential weaknesses of cloud infrastructure and cloud services.
• Advise Sponsor leadership on cloud security services.
• Analyze system alerts to determine if a security weakness exists and document risk mitigation procedures.
• Sustain and evolve the Sponsor's standard operating procedures to meet Program Objectives.
• Facilitate technical exchange meetings (TEMs) with cloud service providers to review cloud service architectures.
• Provide program management support including project planning, task tracking, milestone management, and resource coordination.
• Develop and maintain program metrics and performance indicators including security assessment completion rates, finding remediation timelines, compliance status dashboards, and other KPIs as directed by the Sponsor.
• Respond to Sponsor inquiries and requests for information within established timelines, providing accurate and complete technical and programmatic information.
• Prepare periodic program highlights, status reports, and briefing materials for Sponsor leadership.
• Support ad hoc taskings from the Sponsor including research, analysis, documentation, and coordination activities.
• Maintain regular communications with the Sponsor through scheduled status meetings, written reports, and other communication channels.

Required Skills:

1. Facilitating TEMs with cloud service providers to review cloud service architectures
2. Active Security Clearance with Polygraph.
3. Maintaining A&A packages across multiple services/systems in accordance with FIPS-199, NIST 800-53, and CNSS 1253
4. Designing, implementing, assessing or reviewing systems utilizing cloud technology with AWS, Oracle Cloud, Google Cloud, or Microsoft Azure
5. Utilizing or reviewing cross domain technology and common architecture designs
6. Continuous monitoring requirements including scan analysis with tools such as Rapid 7, Nessus, and Qualys
7. Creating, monitoring, or closing POA&Ms
8. Utilizing compliance tools such as Xacta 360, Risk Vision, RSA Archer
9. Common control provider concept within the NIST RMF
10. Security control assessments including working with SCAs and preparing security packages
11. Information system security engineering activities
12. Project management including planning, task tracking, milestone management, and resource coordination
13. Developing and maintaining program metrics, performance indicators, and compliance status dashboards
14. Preparing technical reports, program highlights, status briefings, and leadership communications

Desired Skills:

1. Using the Sponsor's or IC element A&A process
2. Creating or reviewing A&A body of evidence documentation in a cloud security environment
3. Identifying, implementing, or reviewing appropriate information security controls
4. Working in Xacta 360
5. Experience with Sponsor's A&A tools