Cloud Compliance Security Analyst

Description

SAIC is seeking a Cloud Compliance Security Analyst to join SAIC to support our Governance Risk and Compliance Team in Reston VA. This position is a member of a team that supports keeping SAIC corporate and business contracts in compliance with applicable cybersecurity laws, regulations, and policies.

The successful candidate will support security requirements development; implementation oversight and validation of cloud security across all deployment models (i.e. IaaS, PaaS, and SaaS) tools and offerings. The candidate will provide subject matter expertise in security principles and cloud security best practices to technical and acquisition project teams and assess potential security risk that might result from inadequate design decisions or incomplete integration of cloud-based tools.

Specific responsibilities include
• Developing security requirements for cloud deployments based on industry best practices and tailoring requirements to publish standards and policies (e.g. NIST 800-171, CMMC, CC SRG, etc.)

• Provide subject matter expertise to engineers on best practices to compliant security control implementation.

• Developing and overseeing cloud security validation, reviewing environments, collecting artifacts supporting proper security implementation.

• Developing documentation templates for use by contract teams.

• Reviewing documentation for completeness, accuracy, and adherence to provided security control requirements.

• Providing recommendations to the CISO on allowing reviewed cloud environments for use in production. 
• Interpreting security principles and requirements for technical teams as related to cloud services
• Reviewing secure configuration baselines for compliance with best practices and applicable requirements
• Developing security recommendations following NIST and Cloud Security Alliance guidance and security best practices
 

Qualifications

Bachelor's degree in Information Technology or equivalent
• Minimum of five years’ experience as a Security Analyst or Engineer or equivalent role, at least two years of which must be in a cloud environment
• Active (ISC)2 CISSP certification, CCSP or CCSK cloud security certification

• Azure, AWS, Google Cloud related certifications desired
• Demonstrated experience with information security engineering practices and experience with implementation of NIST security controls
• Strong communication and writing skills
• Fluent in all Microsoft Office products (Word, PowerPoint, Excel, Project, Visio)