Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age. With over 20 years of knowledge and expertise, our solutions have created innovative and business-improvement oriented services across a diverse and international market that includes both government and commercial clients.
TDI is currently looking for a Cloud Risk Analyst (CRA) to support a large, Federal agency in Washington, DC on a cybersecurity initiative. The CRA will have CASB experience and risk assessment of Cloud based services (from mobile apps to environment), understand the importance of protecing data in a cloud environment and risk posed by vendors hosted in other countries, etc.
As a small business, we are committed to delivering excellence in our products and services, integrity in the way we conduct ourselves and respect in dealing with one and another. TDI values each and every employees' contribution to our continued growth and success. We recognize and value our employees and their individualism as we work to create a diverse work force. Join Team TDI, and become a TDI Titan today!
The Cloud Risk Analyst shall provide the organization risk guidance on existing and emerging cloud technologies with the following tasks:
• Evaluate cloud technologies and determine risk of technology architecture, implementation and suitability for the Government. This may require interaction with vendors to gather product security features, research vulnerabilities/weaknesses, and provide implementation recommendations to Senior Management.
• Support the Government’s A&A strategy for Cloud based systems.
Provide technical writing support and guidance to system owners in the development, and technical review of System Security Plans (SSPs).
o Conduct in-depth technical security reviews, risk assessments, and architecture reviews for Cloud based technologies to ensure alignment with Government information security policies and technical guidelines.
o Develop recommendations for decision briefs for Senior Management to use in making ATO and other security decisions.
• Provide technical guidance in the development and revision of Government information security policies to incorporate Cloud technologies.
• The Cloud Risk Analyst shall provide risk management guidance and advisement to Government teams for emerging technologies to include new cloud, mobile and desktop application work products.
• Provide technical support for responding to and implementing recommendations of the Office of Inspector General and Internal Controls/Internal Audit.
• Provide analysis and reporting via a CASB tool on the cloud products currently in use at the Government to include high-risk services, data usage, and threats.
•Bachelor’s degree in a related field and 2-3 years of Cloud Technologies. In lieu of a bachelor’s degree, at least four (4) years of IT security experience with emphasis on Cloud Technologies is required.
•Knowledge and expertise in cloud computing, virtualization, Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Software as a Service (SaaS).
•Demonstrated experience in conducting technical risk assessments for various Cloud platforms.
•Experience working with Cloud Security Alliance (CSA) guidelines and security guidance from the National Institute of Standards and Technology (NIST) to include SP-800-53A: Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans, NIST SP 800-144: Guidelines on and Security and Privacy in Public Computing Cloud, NIST SP 800-145: The NIST Definition of Cloud Computing, NIST SP 800-146: Cloud Computing Synopsis and Recommendations; Federal Risk and Authorization Management Program (FedRAMP) security control baselines and security guides.
•Demonstrated understanding and/or experience of various Cloud environments.
•Demonstrated experience supporting a CASB tool.
•Strong familiarity with FedRAMP and Federal Cloud guidelines.
•Achievement of CCSP (Certified Cloud Security Professional), CISSP (Certified Information Systems Security Professional) and/or CRISC (Certified in Risk and Information Systems Control) certification(s) a plus.
•Ability to effectively communicate both orally and in writing (to include technical documentation).
•Ability to communicate effectively with technical and non-technical users.
•Excellent time management and organization skills, handling multiple, simultaneous and changing priorities under pressure and tight deadlines within a high-pressure environment.
*TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.
"TDI is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, genetics, gender identity or expression, national origin, protected veteran status or disability status, or any other characteristic protected by federal, state or local laws."