Senior Cyber Security Analyst
Reston, VA 
Posted 13 days ago
Job Description

Location: All Locations
Req#: 621179
Company Information

Octo, an IBM company, is an industry-leading, award-winning provider of technical solutions for the federal government. At Octo, we specialize in providing agile software engineering, user experience design, cloud services, and digital strategy services that address government's most pressing missions. Octo delivers intelligent solutions and rapid results, yielding lower costs and measurable outcomes.

Our team is what makes Octo great. At Octo, you'll work beside some of the smartest and most accomplished staff you'll find in your career. Octo offers fantastic benefits and an amazing workplace culture where you will feel valued while you perform mission-critical work for our government. Voted one of the region's best places to work multiple times, Octo is an employer of choice!

You...

As a Senior Cyber Security Analyst at Octo, you will join an Agile development program in support of the development of a new high-priority, mission-critical application at the General Services Administration (GSA). This individual will work with other cybersecurity specialists and analysts to support delivering and sustaining reliable, scalable, and high-performance applications. This cross-functional role will work closely with development team members and various GSA and external stakeholders, including many at the leadership level. They will apply their skills and experience to provide the support and expertise needed to get cloud-based applications to GSA customers and keep them compliant with Federal and GSA security requirements.

Us...

We were founded as a fresh alternative in the Government Consulting Community and are dedicated to the belief that results are a product of analytical thinking and agile design principles and that solutions are built in collaboration with, not for, our customers. This mantra drives us to succeed and act as true partners in advancing our clients' missions.

Program Mission...

This program will support the GSA Information Technology mission, providing development and operational support for new and existing legacy mission-enabling applications. Your team on the program will have a direct say in your participation in the design and implementation of a mission-critical application that integrates with other GSA systems and impacts GSA employees and public users, starting at the design phase to include the development, implementation, and maintenance of a technology roadmap. We are digitizing information and processes for improved implementation, leveraging modern tools and low code/no code for reusability and faster delivery.

Skills & Requirements

Responsibilities:

  • Supports the daily cross-functional operational readiness of GSA's shared Salesforce.com platform and other low-code/no-code environments.

  • Applies experience and knowledge of NIST Risk Management Framework (RMF) and how Federal agencies apply this to secure their information systems.

  • Applies experience and knowledge with the Assessment and Authorization (A&A) process, including Authority To Operate (ATO) packages and their alignment with RMF processes.

  • Coordinates FedRAMP authorization on behalf of GSA, including intake, kickoff, Work Breakdown Structure (WBS), remediation, and Authority to Operate (ATO).

  • Builds out Implementation Plan, Security Test Results, and Evidence management.

  • Responsible for Plan of Action and Milestone (POA&M) development, which includes any necessary remediation.

  • Drafts Standard Operating Procedures (SOPs) for user account provisioning and end-user controls (GSA responsibility).

  • Updates technical security specs within the ATO packages to accurately reflect new information.

  • Supports Authorizing Official System Brief (AOSB) development regarding successes, POA&Ms, and all stakeholder input.

  • Coordinates Incident Response Plan (IRP) and Memorandum of Understanding/Information System Agreement (MOU/ISA) development, including all final signatures.

  • Facilitates Incident Response Plan (IRP) tabletop exercises.

  • Ensures detailed and efficient hand-off to the Implementation team.

  • Works to maintain compliance for SaaS Systems in Continuous Monitoring (RMF Step 6) through reauthorization (RMF 1-5) prior to the Authorization Termination Date (ATD).

  • Continuously maintains the GSA's ATO security controls.

  • Tracks document expiration. Identifies items approaching expiration and proactively works to complete new versions of those documents and upload them as artifacts.

  • Completes POA&M remediation actions and updates.

  • Creates monthly POA&Ms for each ATO package to reflect the status of monthly vulnerability scans conducted by Vendor and GSA-responsible controls.

  • Implements Annual Assessment SOP requirements, validates prescribed controls, and updates reauthorization annually.

  • Supports Authorizing Official System Brief (AOSB) development regarding successes, POA&Ms, and all stakeholder input to the system going up for reauthorization.

  • Experience in Agile methodologies with an emphasis on testing practice.

  • Ability to communicate in a clear and concise manner.

  • Ability to take initiative on assigned projects/tasks and work with minimal supervision.

  • Partners cross-functionally on platform innovation and DevOps maturity.

  • Collaborates with internal and client staff in identifying, planning, executing, tracking, and reporting all security and compliance-related activities.

Requirements...

  • Bachelor's Degree in Information Systems, Computer Science, or related field required, OR 4 years of demonstrated work experience in the specific field.

  • Must have at least 3 years of related cyber security experience, preferably for a Federal or government agency.

  • Strong conceptual understanding of how and when to apply NIST SP 800-53 (Revision 5) security controls for information systems.

  • Working knowledge of the software development life cycle (SDLC) for SaaS applications.

  • Excellent professional verbal and written communication and technical documentation skills.

  • Ability to read technical documentation and identify alignment and/or conflict with process requirements and policies. Ability to translate these findings into customer communications along with action items to resolve potential issues.

  • Ability to prioritize and work on multiple projects and initiatives simultaneously and adapt to changes in requirements, priorities, and deadlines.

  • Strong analytical and organizational skills, including strong attention to detail.

  • Strong interpersonal skills and ability to work collaboratively in a dynamic team environment.

  • Superb soft skills, including gaining the trust of stakeholders and senior management and negotiating priorities with external teams.

  • Must be able to use a computer.

  • Must be able to obtain a government security clearance.

  • Must be eligible to work in the United States.

  • Must have fast and reliable internet service that allows for effective telecommuting.

Desired Skills...

  • Experience working with cybersecurity management tools.

  • Prefer industry-recognized certifications such as Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), or Certified Ethical Hacker (CEH).

  • Experience supporting GSA.

  • Experience working in the government sector.

  • SAFe Agile and QA certifications.

Years of Experience: 3+ years of related experience preferred. Education may be substituted for experience.

Education: BA/BS degree preferred, or four years of equivalent applicable experience or military experience.

Location: Remote within the United States.

Clearance: Ability to obtain a government clearance.

Octo is an Equal Opportunity/Affirmative Action employer. All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, religious creed, national origin, citizenship, marital status, sex, sexual orientation/gender identity, age, or genetic information. Selected applicant will be subject to a background investigation.

Octo is an IBM subsidiary which has been acquired by IBM and will be integrated into the IBM organization. Octo will be the hiring entity. By proceeding with this application, you understand that Octo will share your personal information with other IBM affiliates involved in your recruitment process, wherever these are located. More information on how IBM protects your personal information, including the safeguards in case of cross-border data transfer, is available here:

 

Job Summary
Start Date: As soon as possible
Employment Term and Type: Regular, Full Time
Required Education: Bachelor's Degree
Required Experience: 4+ years