Remote -FedRAMP Technical Systems Assessment Analyst
Quick Overview
Job Description
Title: FedRAMP Technical Systems Assessment Analyst
Location: REMOTE
Clearance: Able to get clearance.
About the Role
The FedRAMP Technical ISSO / Systems Assessment Analyst is a mid level member of the FedRAMP
assessment team responsible for reviewing cloud service providers (CSPs) and vendor systems for
compliance with FedRAMP and federal security requirements. This role combines strong technical
security expertise with practical FedRAMP compliance experience, focusing on vendor system
assessments, authorization support, and continuous monitoring activities.
The position performs detailed technical reviews of system architectures and security controls,
works directly with vendors to identify and remediate gaps, and supports authorization decisions.
Key Responsibilities
Technical Security & FedRAMP Assessment
Conduct detailed technical and architecture reviews of vendor cloud solutions, including
infrastructure, platform, and application components.
Assess and document implementation of security controls, including encryption at rest and in
transit, identity and authentication mechanisms (including MFA), session management, logging,
vulnerability management, and configuration baselines.
Lead technical discussions and screen sharing sessions with vendors to fully understand system
architectures, data flows, and control implementations.
Review vulnerability scan results and penetration testing reports and validate remediation actions.
Review Third Party Assessment Official (3PAO) Penetration Test reports and Red Team exercises.
Perform detailed reviews of FedRAMP authorization artifacts, including SSPs, SARs, POA&Ms,
incident response plans, contingency plans, and system architecture diagrams.
Evaluate vendor compliance with NIST SP 800 53, NIST SP 800-171, and FedRAMP requirements.
Authorization, Compliance & Continuous Monitoring
Support initial FedRAMP assessments, Authorizations to Operate (ATOs), reauthorizations, and
ongoing continuous monitoring activities.
Ensure FedRAMP security packages are accurate, complete, and aligned with current FedRAMP
templates and guidance.
Track POA&M items, remediation timelines, and compliance risks and provide status updates to
stakeholders.
Review recurring CSP deliverables to ensure continued compliance with FedRAMP requirements.
Assess cybersecurity supply chain and third party risks within FedRAMP packages and support
mitigation efforts.
ISSO & Stakeholder Coordination
Serve as the ISSO for assigned systems, ensuring compliance with FISMA, OMB, FedRAMP, and GSA
security policies.
Collaborate with IT, security, privacy, and business stakeholders to validate security controls and
resolve identified gaps.
Assist with the development and maintenance of security documentation and internal guidance
related to FedRAMP and system authorization.
Stay current on FedRAMP updates, NIST guidance, and cybersecurity best practices and apply
changes to assessment activities.
Provide security guidance and promote awareness to vendors and internal teams as needed.
Required Qualifications & Education
Bachelor's degree in Computer Science, Information Systems, Engineering, or a related field (or
equivalent experience).
4-6 years of experience in cybersecurity, information security, or information assurance.
At least 2 years of experience supporting NIST SP 800-53-based Risk Management Framework
(RMF) or Assessment & Authorization (A&A) activities.
Experience as an ISSO, Security Engineer, Security Control Assessor (SCA), or similar role reviewing
system architectures and security controls.
Experience supporting FedRAMP assessments, authorization packages, continuous monitoring, and
compliance activities.
One or more industry certifications such as CISSP, CISM, CISA, CCSP, or CGRC.
Strong knowledge of FedRAMP, NIST SP 800-53, NIST SP 800-171, RMF, FISMA, vulnerability
management, and third-party security assessments.
Hands-on cloud security engineering experience in AWS, Azure, and/or Google Cloud Platform
(Google Cloud Platform), including implementing and assessing cloud security controls.
Strong understanding of cloud security principles, including encryption, key management, cloud
storage security (e.g., Amazon S3), and cloud-native security services.
Experience evaluating vendor security architectures, guiding remediation efforts, and ensuring
solutions meet FedRAMP and federal security requirements.
Ability to assess security configurations and provide technical guidance to engineering teams and
vendors.
Excellent written and verbal communication skills with the ability to communicate effectively with
both technical and non-technical stakeholders.
Clearance and Location Requirements:
Able to be cleared for a Public Trust clearance.
Skills
Similar jobs
Branch Auditor
Edward Jones · St. Louis, United States
9 minutes agoOnline Survey Panelist - Remote, Part-Time
Focus Group Panel · Essex, United States
10 minutes agoOnline Survey Panelist - Remote, Part-Time
Focus Group Panel · Ankeny, United States
10 minutes agoPaid Research Study Participant - Work From Home
Focus Group Panel · Ankeny, United States
10 minutes agoOnline Survey Panelist - Remote, Part-Time
Focus Group Panel · Carson City, United States
10 minutes agoPaid Research Study Participant - Work From Home
Focus Group Panel · Rochester Hills, United States
10 minutes ago