• Demonstrated experience facilitating Technical Exchange Meetings (TEMs) with cloud service providers to review cloud service architectures
• Demonstrated experience maintaining assessment and authorization (A&A) packages across multiple services or systems in accordance with FIPS-199, NIST 800-53, and CNSS 1253 requirements
• Demonstrated experience designing, implementing, assessing, or reviewing systems that utilize cloud technology with Amazon Web Services, Oracle Cloud, Google Cloud, IBM Cloud, or Microsoft Azure cloud architecture
• Demonstrated experience utilizing or reviewing cross domain technology and common architecture designs
• Demonstrated experience consulting project teams on system architecture and security posture
• Demonstrated experience with continuous monitoring requirements to include scan analysis for critical or high findings with common scan tools such as Rapid 7, Nessus, and Qualys
• Demonstrated experience creating, monitoring, or closing system or service Plans of Actions and Milestone items (POA&Ms)
• Demonstrated experience utilizing compliance tools to track assessment and authorization activities such as Xacta 360, Risk Vision, RSA Archer
• Demonstrated experience with the common control provider concept within the NIST Risk Management Framework
• Demonstrated experience with security control assessments to include working with Security Control Assessors (SCAs) and preparing security packages for SCAs
• Demonstrated experience conducting information system security engineering activities
• Demonstrated experience using the Sponsor's or IC element A&A process
• Demonstrated experience creating or reviewing A&A body of evidence documentation in a cloud security environment
• Demonstrated experience identifying, implementing, or reviewing appropriate information security controls
• Demonstrated experience working in Xacta 360