Haystack
← Back to Jobs
Remote
Other

Remote -FedRAMP Technical Systems Assessment Analyst

INFT Solutions incWashington, DC🇺🇸United StatesPosted 16 Jul 2026

Quick Overview

Work Type
Remote
Level
Mid Senior

Job Description

Title: FedRAMP Technical Systems Assessment Analyst



Location: REMOTE



Clearance: Able to get clearance.

About the Role

The FedRAMP Technical ISSO / Systems Assessment Analyst is a mid level member of the FedRAMP

assessment team responsible for reviewing cloud service providers (CSPs) and vendor systems for

compliance with FedRAMP and federal security requirements. This role combines strong technical

security expertise with practical FedRAMP compliance experience, focusing on vendor system

assessments, authorization support, and continuous monitoring activities.

The position performs detailed technical reviews of system architectures and security controls,

works directly with vendors to identify and remediate gaps, and supports authorization decisions.



Key Responsibilities



Technical Security & FedRAMP Assessment

Conduct detailed technical and architecture reviews of vendor cloud solutions, including

infrastructure, platform, and application components.

Assess and document implementation of security controls, including encryption at rest and in

transit, identity and authentication mechanisms (including MFA), session management, logging,

vulnerability management, and configuration baselines.

Lead technical discussions and screen sharing sessions with vendors to fully understand system

architectures, data flows, and control implementations.

Review vulnerability scan results and penetration testing reports and validate remediation actions.

Review Third Party Assessment Official (3PAO) Penetration Test reports and Red Team exercises.

Perform detailed reviews of FedRAMP authorization artifacts, including SSPs, SARs, POA&Ms,

incident response plans, contingency plans, and system architecture diagrams.

Evaluate vendor compliance with NIST SP 800 53, NIST SP 800-171, and FedRAMP requirements.



Authorization, Compliance & Continuous Monitoring

Support initial FedRAMP assessments, Authorizations to Operate (ATOs), reauthorizations, and

ongoing continuous monitoring activities.

Ensure FedRAMP security packages are accurate, complete, and aligned with current FedRAMP

templates and guidance.

Track POA&M items, remediation timelines, and compliance risks and provide status updates to

stakeholders.

Review recurring CSP deliverables to ensure continued compliance with FedRAMP requirements.

Assess cybersecurity supply chain and third party risks within FedRAMP packages and support

mitigation efforts.



ISSO & Stakeholder Coordination

Serve as the ISSO for assigned systems, ensuring compliance with FISMA, OMB, FedRAMP, and GSA

security policies.

Collaborate with IT, security, privacy, and business stakeholders to validate security controls and

resolve identified gaps.

Assist with the development and maintenance of security documentation and internal guidance

related to FedRAMP and system authorization.

Stay current on FedRAMP updates, NIST guidance, and cybersecurity best practices and apply

changes to assessment activities.

Provide security guidance and promote awareness to vendors and internal teams as needed.



Required Qualifications & Education

Bachelor's degree in Computer Science, Information Systems, Engineering, or a related field (or

equivalent experience).

4-6 years of experience in cybersecurity, information security, or information assurance.

At least 2 years of experience supporting NIST SP 800-53-based Risk Management Framework

(RMF) or Assessment & Authorization (A&A) activities.

Experience as an ISSO, Security Engineer, Security Control Assessor (SCA), or similar role reviewing

system architectures and security controls.

Experience supporting FedRAMP assessments, authorization packages, continuous monitoring, and

compliance activities.

One or more industry certifications such as CISSP, CISM, CISA, CCSP, or CGRC.

Strong knowledge of FedRAMP, NIST SP 800-53, NIST SP 800-171, RMF, FISMA, vulnerability

management, and third-party security assessments.

Hands-on cloud security engineering experience in AWS, Azure, and/or Google Cloud Platform

(Google Cloud Platform), including implementing and assessing cloud security controls.

Strong understanding of cloud security principles, including encryption, key management, cloud

storage security (e.g., Amazon S3), and cloud-native security services.

Experience evaluating vendor security architectures, guiding remediation efforts, and ensuring

solutions meet FedRAMP and federal security requirements.

Ability to assess security configurations and provide technical guidance to engineering teams and

vendors.

Excellent written and verbal communication skills with the ability to communicate effectively with

both technical and non-technical stakeholders.



Clearance and Location Requirements:

Able to be cleared for a Public Trust clearance.

Skills

AWS
Encryption
MFA
Azure
Compliance
Google Cloud
Penetration Testing
REST
Risk Management

Similar jobs