Responsibilities
Kforce has a client seeking a fully remote FedRAMP Engineer to join their team.
- Developing and maintaining a comprehensive continuous monitoring plan based on NIST SP 800-53 guidelines, FedRAMP requirements, and organization-specific needs
- Establishing processes and procedures to collect, analyze, and report security-related information from various sources, such as security controls, vulnerability assessments, and incident response activities
- Conducting regular risk assessments to identify potential vulnerabilities and threats to cloud-based systems
- Defining key performance indicators (KPIs) and metrics to measure the effectiveness of the continuous monitoring program
- Monitoring and analyzing security logs, event data, and system alerts to identify anomalies, security incidents, and non-compliance with established security policies
- Evaluating vulnerability scans and penetration tests to assess the security posture of cloud-based systems
- Reviewing and analyzing security assessment and authorization (SA&A) artifacts, including system security plans, risk assessments, and security control implementation documentation
- Providing support during internal and external audits or assessments by compiling and presenting evidence of compliance with FedRAMP and NIST guidelines
Requirements
- Possess an in-depth understanding of the NIST Special Publication 800-53 guidelines and FedRAMP requirements
- Possess an understanding of security controls and their implementation within complex IT environments
- Demonstrated experience in implementing and managing continuous monitoring programs for cloud-based systems within the Federal Government
- Possess knowledge of cloud technologies, infrastructure, and security controls (e.g., AWS, Azure)
- Familiarity with industry-leading security tools, vulnerability scanners, and security information and event management (SIEM) systems
- Proficiency in evaluating vulnerability assessments, penetration testing, and security and incident response
- Knowledge of security assessment and authorization (SA&A) processes, system security plans, and risk management frameworks (e.g., RMF)
- Possess the ability to work across programming languages and frameworks (e.g., Python, PowerShell)
- Proficiency in Business Intelligence platforms (e.g., Power BI)
- Working knowledge of XML/JSON/Excel (Pivot Tables, VLOOKUPs, etc.)
- Experience with Data Warehousing and Extract, Transform, Load (ETL) processes
- Ability to work with databases and write simple to complex queries using SQL
- Knowledge of software development methodologies (e.g., Agile, Waterfall)
- Familiarity with Cloud services (Azure)
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.