The resource shall provide the organization risk guidance on existing and emerging cloud technologies.
Excelicon seeks a resource to support and execute the following tasks:
- Evaluate technologies and determine risk of technology architecture, implementation and
suitability for the client. This may require interaction with vendors to gather product security
features, research vulnerabilities/weaknesses, and provide implementation recommendations to Senior Management.
- Support the development of the client’s A&A strategy for Cloud based systems.
- Provide technical writing support and guidance to system owners in the development and
technical review of System Security Plans (SSPs).
- Conduct in-depth technical security reviews, risk assessments, and architecture reviews for
Cloud based technologies to ensure alignment with House information security policies
and technical guidelines.
- Develop recommendations for decision briefs for Senior Management to use in making
ATO and other security decisions.
- Provide technical guidance in the development and revision of client’s information security policies to incorporate Cloud technologies.
- The Contractor shall provide risk management guidance and advisement to CAO teams for
emerging technologies to include new cloud, mobile and desktop application work products.
- Provide technical support for responding to and implementing recommendations of the Office of Inspector General and Internal Controls/Internal Audit.
- Provide analysis and reporting on the cloud products currently in use at the client site to include high-risk services, data usage, and threats.
- Other duties as assigned.
The Contractor shall provide individuals with the following knowledge, skills and abilities:
- Bachelor’s degree in a related field.
- Knowledge and expertise in cloud computing, virtualization, Platform as a Service (PaaS),
Infrastructure as a Service (IaaS), Software as a Service (SaaS).
- Demonstrated experience in conducting technical risk assessments for various Cloud platforms.
- Experience working with Cloud Security Alliance (CSA) guidelines and security guidance from
the National Institute of Standards and Technology (NIST) to include NIST SP 800-53A: Assessing
Security and Privacy Controls in Federal Information Systems and Organizations: Building
Effective Assessment Plans, NIST SP 800-144: Guidelines on Security and Privacy in Public
Cloud Computing, NIST SP 800-145: The NIST Definition of Cloud Computing, NIST SP 800-146:
Cloud Computing Synopsis and Recommendations; Federal Risk and Authorization
Management Program (FedRAMP) security control baselines and security guides.
- Demonstrated understanding and/or experience of various Cloud environments.
- Demonstrated experience supporting a CASB tool.
- Strong familiarity with FedRAMP and Federal Cloud guidelines.
- Achievement of CCSP (Certified Cloud Security Professional), CISSP (Certified Information
Systems Security Professional) and/or CRISC (Certified in Risk and Information Systems Control).