Cloud SCA-R

AGE Solutions is looking for a Cloud SCA-R, Mid, to join our team in support of a cybersecurity risk management and assessment program with our DoD customer. In this role, you will be part of a team responsible for performing analysis, conducting independent validations of assessments, and Continuous Monitoring (ConMon) for authorized CSPs and CSOs.

Individuals in this role must be available to work full-time on-site at Ft. Meade, MD.

Essential Duties and Responsibilities Include:

• Conduct cybersecurity assessments and validations of Cloud Service Offerings (CSOs) in support of the DoD Provisional Authorization (PA) process
• Prepare 30 Cloud Security Assessment Packages per year, including validated cybersecurity controls, certifier’s recommendations, and residual risk statements
• Review Cloud Service Provider (CSP) documentation packages, including architectural diagrams, System Security Plans (SSP) with Addendums, Readiness Assessment Reports (RAR), Security Assessment Plans (SAP), and Security Assessment Reports (SAR)
• Evaluate supporting materials such as POA&Ms, Change Requests, Extension and Deviation Requests, Whitelist Requests, Corrective Action Plans, and applicable templates, checklists, and Continuous Monitoring (ConMon) artifacts
• Attend technical kickoff meetings to evaluate and document the CSP’s security posture and readiness for assessment
• Analyze and provide feedback on assessment documentation, including the RAR, SAP, SSP, and system architecture diagrams
• Identify and document the operational impact of security authorizations, changes, or identified vulnerabilities within the CSP’s environment
• Develop complete Cloud Security Assessment Packages in accordance with DoD standards, ensuring inclusion of SARs, POA&Ms, and Deviation Requests
• Create authorization recommendation memorandums summarizing compliance with DoD cybersecurity controls, technical evaluation results, and residual risk considerations
• Draft DoD PA memorandums outlining CSO boundary definitions, service offerings, authorization duration, terms and conditions, DoD usage considerations, and follow-on actions
• Validate implementation of CSO controls within eMASS or a government-provided GRC platform, and log assessment completion in the Mission Security Review (MSR)
• Review the Customer Responsibility Matrix (CRM) and ensure correct inheritance mapping within eMASS or the designated GRC tool
• Enter all authorization conditions into eMASS as system-level POA&Ms and monitor for timely resolution
• Upload and associate all CSP documentation with applicable security controls in eMASS or the appropriate system of record
• Track and manage all CSO-related data using the Team Lead Resource (TLR) Assessment Database
• Maintain and update the DoD Cloud Process Guide and associated templates, forms, checklists, and documentation
• Contribute to the development of internal instructions, how-to guides, and reference material to support consistent assessor workflows
• Ensure assessment activities are conducted in compliance with DoDI 8510.01 and the DoD Cloud Computing Security Requirements Guide (SRG)
• Document assessment methodologies and validation best practices to continuously improve assessment accuracy, consistency, and process efficiency
• Support the ongoing development and annual updates of the DoD Cloud Assessment Process Guides in alignment with evolving policy and government directives

Required Qualifications:

• Education:
  • Bachelor's degree (IT-related field preferred)
• Experience:
  • Five (5) years of overall experience in cybersecurity or network security position
• Security Clearance:
  • Must have an active DoD Top Secret clearance with SCI eligibility
• Certifications:
  • DoD 8570 IAM/IA Technical (IAT) Level II certification
• Skills and Knowledge:
  • Working knowledge of DoD Risk Management Framework (RMF) and DoDI 8510.01
  • Familiarity with the DoD Cloud Computing Security Requirements Guide (SRG) and associated cloud security policies
  • Familiarity with security controls for Azure, AWS, and assorted cloud platforms
  • Experience conducting security assessments and developing security documentation (e.g., SSP, SAR, POA&M, SAP)
  • Proficiency with eMASS or equivalent Government Risk and Compliance (GRC) tools
  • Demonstrated ability to interpret and apply NIST SP 800-53 security controls in cloud environments
  • Strong analytical and technical writing skills with the ability to communicate complex topics clearly
• Location:
  • Applicants must reside within a commutable distance of Ft. Meade, MD in order to work onsite full time.

Compensation: $100,000+