Jobs · himalayas

V

FedRAMP Engineer

Halcyon Labs · United States · Posted 22d ago

remoteseniorEstimated 93k-215k USD🇺🇸 United States
Apply on himalayas

About the role

Position Description Halcyon Labs is seeking a FedRAMP Security Engineer to join our rapidly growing and innovative cybersecurity team! The candidate will provide technical expertise on Security control implementations and development of Information Security procedures for systems and applications. The selected candidate will play a key role in a fast-paced FedRAMP team to provide comprehensive program, analytical, technical, and advisory skills to the client and supported Cloud Service Providers (CSPs). Candidates will be required to perform pre-assessment activities including a detailed analysis of the technology stacks comprising the vendor solutions. This position requires an advanced understanding of how to engineer secure, compliant, and resilient architectures and solutions. You will be part of a team working to assess vendor systems for technical compliance with NIST, FedRAMP and agency standards. Halcyon Labs is a company that cares about its employees- we've been named one of the Best Places to Work in the Washington DC area 12 years in a row ! If you are interested in learning more about Valiant and this opportunity, we invite you to apply now! This position allows for 100% remote work. Remote work necessitates a high-level trust in our employees and we strictly adhere to the details found below in our Remote Work Policy. Required Experience Five (5) years of experience in the IT Security field Bachelor’s degree in Computer Science, Information Systems, Mathematics, Engineering or a related field, OR an additional three years of IT experience required Four (4) years of hands-on technical experience as a System Architect or Security Engineer Four (4) years of experience supporting FedRAMP Security+, CISSP, CISM, CISA, or equivalent Security certification Direct experience as a Security Engineer or System Architect performing analysis on FedRAMP Cloud Service Providers (CSP) architectures and control implementations (ie. 3PAO, FedRAMP program at another federal agency, etc) Confidence and depth of understanding to lead meetings with potential Vendors Current experience in reviewing 3rd party security assessment reports Have detailed knowledge and experience with NIST Policies, Governance, Security Planning and Architecture, FISMA Compliance, RMF, Incident Analysis, and General Security Best Practices. Possess strong written and oral communication skills to support customers, internal stakeholders, peers, and public audiences. Ability to communicate, both written and oral, to both technical and non-technical stakeholders. Strong communication skills to interact with senior managers, junior staff, and business unit (non-technical) customers Responsibilities Perform detailed architecture and technical design reviews on the full stack for vendor solutions Conduct architecture reviews of Cloud Service Providers (CSPs) authorization packages to validate secure design, alignment to FedRAMP and agency requirements, identify gaps, and advise the FedRAMP Government Lead overall risk posture and compliance Lead and conduct architecture interviews with CSPs to ensure all critical control areas throughout the architecture are designed to meet program requirements Develop architecture briefing documents to inform the Government FedRAMP program manager and CISO of CSP compliance with FedRAMP program requirements, technical capabilities, and any concerns noted from material review Complete comprehensive review and comment documents of CSPs FedRAMP documentation including but not limited to system security plans, policies and procedures, supplemental agency guidance documents, alternative implementation and risk acceptance documents, etc. Work with CSPs to reconcile and address any documentation and technology gaps discovered during the review Complete a comprehensive review of CSPs' assessments and package submissions after 3PAO audits and prepare a package briefing for the Government FedRAMP program manager and agency CISO. Artifacts include, but are not limited to, vendor security assessment plans, security assessment reports, vulnerability scans, penetration tests, etc Work alongside agency FedRAMP Lead and provide security engineering services Provide support for Continuous Monitoring activities including but not limited to items such as reviewing annual package submissions, reviewing and scoping significant change proposals, reviewing risk acceptance documents, etc Interpret FedRAMP and other agency requirements and provide vendors with guidance regarding expectations, technical requirements, and processes Stay informed of updated FedRAMP guidance, industry best practices, emerging technologies, and Government cybersecurity directives, and provide recommendations to FedRAMP Government lead regarding impacts Conduct security reviews of technologies for use base consideration within CSPs authorization boundary Oversee and manage relationships for assigned systems that may be contractor-owned or contra

Read the full posting on himalayas

FAQ

Is the FedRAMP Engineer role at Halcyon Labs remote?+

This FedRAMP Engineer position is listed as remote (United States).

What is the salary for the FedRAMP Engineer role at Halcyon Labs?+

The listing states Estimated 93k-215k USD.

What seniority level is this FedRAMP Engineer role?+

This is a senior level position.

How do I apply for the FedRAMP Engineer role at Halcyon Labs?+

Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Halcyon Labs.