Sr. Security Compliance Analyst (FedRAMP)
The Sr. Security Compliance Analyst is responsible for working across internal stakeholders and product engineering teams to document implementation of control requirements supporting the cloud security standards including technical and operational controls.
- Work with internal stakeholder engineering teams to document the implementation of security compliance control implementations for technical, management, and operational requirements
- Audit and collect security control implementation audit logs, penetration testing results, and vulnerability scan results
- Collect and document technical architecture, operational processes and security policies from multiple internal engineering teams
- Reviewing, documenting, analyzing and evaluating business system and user needs in areas of Authorization and Accreditation (A&A) and Plans of Action and Milestones (POA&Ms)
Skills and competencies
Five or more years’ experience in:
- Experienced in writing Technical documentation and knowledge of Cloud and Security concepts
- Experience on NIST SP 800 Series, FedRAMP and FISMA
- Experience with writing, editing, and/or managing a wide variety of IT security documentation and familiarity with federal IT standards such as Federal Information Security Management Act (FISMA)
- Experience interviewing subject matter experts and using knowledge to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures.
- Experience with the production and/or editing of technical drawings using MS Visio or similar design tools.
- Experience with technical documentation related to FIPS 199, NIST SP 800-37, NIST SP 800-53 REV 4, FISMA A&A, and continuous monitoring, and POA&M management.
- Understanding of Third-party Assessment Organizations (3PAO)
Experience with and knowledge of:
- National Institute of Standards and Technology (NIST) standards
- Strong governance, risk and compliance experience
- Cloud Computing Security Requirements Guide (SRG)
- Experience and familiarity with cloud data security (FISMA/FedRAMP compliance) and working with public cloud solutions (AWS, Google, and Azure)
- Experience writing proposals and understanding basic contract language
- Deep experience NIST SP 800 Series, FedRAMP and FISMA
- ISO27001 – specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organization’s risk management
- Control Objectives for Information and Related Technologies (COBIT)
General skills include:
- Demonstrate strong verbal and written communication skills as well as strong analytical and problem solving abilities
- Excellent English language, grammar, and spelling skills for writing, editing, and proofreading
- Ability to work independently or as a member of a team on various tasks.
- Skilled at organizing and translating information into clear written documentation; articulating complex concepts and processes in writing
- Proven ability to effectively research subject matter
- Experience working in a collaborative environment; ability to work well under tight deadlines and effectively interact with a wide range of personnel
- Strong experience with Microsoft product suite, particularly Microsoft Word, PowerPoint and SharePoint
- Strong writing skills - must submit samples
Industry-specific requirements Knowledge, experience and subject matter expertise in the following:
- FedRAMP (Federal Risk Authorization Management Program)
- NIST SP 800-53 Rev 4
- NIST SP 800-37
- FISMA (Federal Information Systems Management Act)
- NIST RMF (Risk Management Framework)
- Supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies
- NIST FIPS 199, Data Classification
- Privacy Impact Assessment (PIA)
- DHS Continuous Monitoring Program
- Bachelor's degree in a relevant field (e.g., English, Business Writing, Business Administration, etc.)
Symantec is an equal opportunity employer. All candidates for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, physical or mental disability, veteran status, or any other basis protected by applicable federal, state or local law.