About the Role
The FedRAMP Technical ISSO / Systems Assessment Analyst is a mid-level member of the FedRAMP assessment team responsible for reviewing cloud service providers (CSPs) and vendor systems for compliance with FedRAMP and federal security requirements. This role combines strong technical security expertise with practical FedRAMP compliance experience, focusing on vendor system assessments, authorization support, and continuous monitoring activities.
The position performs detailed technical reviews of system architectures and security controls, works directly with vendors to identify and remediate gaps, and supports authorization decisions.
Key Responsibilities
Technical Security & FedRAMP Assessment
• Conduct detailed technical and architecture reviews of vendor cloud solutions, including infrastructure, platform, and application components.
• Assess and document implementation of security controls, including encryption at rest and in transit, identity and authentication mechanisms (including MFA), session management, logging, vulnerability management, and configuration baselines.
• Lead technical discussions and screen-sharing sessions with vendors to fully understand system architectures, data flows, and control implementations.
• Review vulnerability scan results and penetration testing reports and validate remediation actions.
• Review Third Party Assessment Organization (3PAO) penetration test reports and red team exercise results.
• Perform detailed reviews of FedRAMP authorization artifacts, including SSPs, SARs, POA&Ms, incident response plans, contingency plans, and system architecture diagrams.
• Evaluate vendor compliance with NIST SP 800-53, NIST SP 800-171, and FedRAMP requirements.
Authorization, Compliance & Continuous Monitoring
• Support initial FedRAMP assessments, Authorizations to Operate (ATOs), reauthorizations, and ongoing continuous monitoring activities.
• Ensure FedRAMP security packages are accurate, complete, and aligned with current FedRAMP templates and guidance.
• Track POA&M items, remediation timelines, and compliance risks and provide status updates to stakeholders.
• Review recurring CSP deliverables to ensure continued compliance with FedRAMP requirements.
• Assess cybersecurity supply chain and third party risks within FedRAMP packages and support mitigation efforts.
ISSO & Stakeholder Coordination
• Serve as the ISSO for assigned systems, ensuring compliance with FISMA, OMB, FedRAMP, and GSA security policies.
• Collaborate with IT, security, privacy, and business stakeholders to validate security controls and resolve identified gaps.
• Assist with the development and maintenance of security documentation and internal guidance related to FedRAMP and system authorization.
• Stay current on FedRAMP updates, NIST guidance, and cybersecurity best practices and apply changes to assessment activities.
• Provide security guidance and promote awareness to vendors and internal teams as needed.
Required Qualifications & Education
• Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related field (or equivalent additional years of relevant experience).
• 4–6 years of experience in IT security, cybersecurity, or information assurance.
• At least 2 years of experience supporting NIST SP 800-53-based RMF or Assessment and Authorization (A&A) activities.
• Hands-on experience reviewing system architectures and security controls as an ISSO, Security Engineer, Security Control Assessor (SCA), or in a similar role.
• Experience supporting or reviewing FedRAMP assessments, authorization packages, and continuous monitoring artifacts.
• One or more security certifications such as CISSP, CISM, CISA, CCSP, or CGRC.
• Strong understanding of FedRAMP compliance and assessment processes; NIST SP 800-53, NIST SP 800-171, RMF, and FISMA requirements; and vulnerability management tools and third-party security assessment reports.
• Strong written and verbal communication skills, with the ability to communicate effectively with both technical and non-technical stakeholders.
• Experience guiding vendors through remediation and compliance activities.
Clearance and Location Requirements:
• Able to obtain a Public Trust clearance.
• This is a remote position.