Sr. Security Compliance Technical Analyst (FedRAMP)
Herndon, VA

Job Description

The Security Compliance Technical Analyst is responsible for working across internal stakeholders and product engineering teams to drive key aspects of continuous monitoring requirements, support customer onboarding, and drive continuous improvements within the FedRAMP program. Responsibilities include:

* Coordinate with internal stakeholder engineering teams to demonstrate the implementation of security compliance controls for technical, management, and operational requirements
* Perform vulnerability and compliance scanning, analyze results, and provide assessments and reviews
* Audit security controls to ensure compliance with cloud requirements and governance models
* Support the development of technical material, operational processes, security policies, and other core documents
* Manage compliance metrics
* Manage program for Plans of Action and Milestones (POA&Ms)
* Manage onsite assessments and coordinate with external stakeholders

Skills and competencies

Five or more years' experience in:

* Experience writing technical documentation and knowledge of cloud and security concepts
* Experience with NIST SP 800 Series, FedRAMP and FISMA
* Experience with writing, editing, and/or managing a wide variety of IT security documentation and familiarity with federal IT standards such as Federal Information Security Management Act (FISMA)
* Experience interviewing subject matter experts and using knowledge to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures.
* Experience with the production and/or editing of technical drawings using MS Visio or similar design tools.
* Experience with technical documentation related to FIPS 199, NIST SP 800-37, NIST SP 800-53 REV 4, FISMA A&A, and continuous monitoring, and POA&M management.
* Understanding of Third-party Assessment Organizations (3PAO)

Experience with and knowledge of:

* National Institute of Standards and Technology (NIST) standards
* Strong governance, risk and compliance experience
* Cloud Computing Security Requirements Guide (SRG)
* Experience and familiarity with cloud data security (FISMA/FedRAMP compliance) and working with public cloud solutions (AWS, Google, and Azure)
* Experience writing proposals and understanding basic contract language
* Deep experience with NIST SP 800 Series, FedRAMP and FISMA
* ISO27001 - specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organization's risk management
* Control Objectives for Information and Related Technologies (COBIT)

General skills include:

* Demonstrate strong verbal and written communication skills as well as strong analytical and problem solving abilities
* Excellent English language, grammar, and spelling skills for writing, editing, and proofreading
* Ability to work independently or as a member of a team on various tasks.
* Skilled at organizing and translating information into clear written documentation; articulating complex concepts and processes in writing
* Proven ability to effectively research subject matter
* Experience working in a collaborative environment; ability to work well under tight deadlines and effectively interact with a wide range of personnel
* Strong experience with Microsoft product suite, particularly Microsoft Word, PowerPoint and SharePoint
* Strong writing skills - must submit samples

Industry-specific requirements

Knowledge, experience and subject matter expertise in the following:

* FedRAMP (Federal Risk Authorization Management Program)
* NIST SP 800-53 Rev 4
* NIST SP 800-37
* FISMA (Federal Information Security Management Act)
* NIST RMF (Risk Management Framework)
* Supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies
* NIST FIPS 199, Data Classification
* Privacy Impact Assessment (PIA)
* DHS Continuous Monitoring Program

Education

* Bachelor's degree in a relevant field (e.g., English, Business Writing, Business Administration, etc.)

Additional

* US Citizenship required

Symantec is proud to be an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive and accessible environment for all employees. All employment decisions are based on merit, experience, and business needs, without regard to race, color, national origin, age, religion, sex, pregnancy (including childbirth or related medical conditions), genetic information, disability (physical or mental), medical condition, marital status, sexual orientation, gender identity or gender expression, military or veteran status, or any other consideration made unlawful by federal, state, or local law. Symantec strictly prohibits unlawful discrimination based on such protected characteristics and seeks to recruit the most talented candidates from diverse cultures and backgrounds.

We also consider for employment qualified individuals with arrest and conviction records. In addition, Symantec will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Learn more about pay transparency.

EEO is the law. Applicants and employees of Symantec Corporation are protected under Federal law from discrimination. See the EEO poster and supplement.
