Job Description
The candidate must be able to:
- Understand/document information system specifications and security controls, including logical and physical diagrams, connectivity, communication, and data flow diagrams, both internal and external to the system.
- Advise stakeholders on multiple courses of action in an environment with changing unconfirmed policy, e.g., NIST RMF and DISA SRG.
- Document multiple courses of action and identify risk mitigation recommendations in accordance with FedRAMP requirements, procedures, and best practices, with associated benefits/drawbacks to each.
- Apply enterprise security frameworks and capabilities, such as FISMA, NIST SP 800, etc., towards existing initiatives such as cloud environments.
- Develop/update policies and procedures to implement FedRAMP compliance as well as compliance with NIST 800-171 security requirements and other DFAR clauses.
- Unders...