IBM Shared Operation Services (SOS) FedRAMP SME in St Louis, Missouri
Software Developers at IBM are the backbone of our strategic initiatives to design, code, test, and provide industry-leading solutions that make the world run today - planes and trains take off on time, bank transactions complete in the blink of an eye and the world remains safe because of the work our software developers do. Whether you are working on projects internally or for a client, software development is critical to the success of IBM and our clients worldwide. At IBM, you will use the latest software development tools, techniques and approaches and work with leading minds in the industry to build solutions you can be proud of.
Your Role and Responsibilities
Preferred locations include: Littleton MA, Raleigh/Durham NC, Austin TX, Dallas TX, North Castle, NY, NYC NY, Remote
SOS is looking for a highly skilled FedRAMP Cloud Security SME/Assessor. They will be working on a team tasked with building security and compliance support services for its FedRAMP Compliant Cloud platform, which includes production support, governance, security, controls, and operations for the SOS SaaS cloud environment. They will serve as the Subject Matter Expert (SME) for the P&OS Organization's SOS SaaS implementation on IBM Cloud, possessing in-depth knowledge of business risk management, security engineering, and regulatory compliance with FedRAMP, FISMA, and NIST.
Essential Job Duties:
Lead and assist with security testing and security control assessments of the SOS FedRAMP IBM Cloud (IC) systems to ensure compliance with the NIST SP 800-53 Rev. 4 and FedRAMP specific requirements.
Lead and conduct FedRAMP security control assessments within the continuous monitoring Authorization cycle.
Technically assess SOS FedRAMP SaaS, PaaS and IaaS security configurations and implementation.
Interface with IC staff to perform the security assessment activities.
Lead and support security control assessments based on FedRAMP requirements, NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev. 1.
Analyze results from vulnerability scanning tools such as Nessus, HP WebInspect, QualysGuard, AppDetective, and Burp Suite.
Develop Readiness Assessment Reports (RARs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plan of Action and Milestone (POA&M) Reports.
Develop and implement information assurance/security standards and procedures.
Knowledge and experience of any of these is an advantage:
Conduct a FedRAMP readiness study to provide SOS & IBM Cloud with an assessment of their capabilities to achieve FedRAMP accreditation. This includes performing a current state FedRAMP readiness review of the IBM Cloud capabilities and providing a roadmap to become FedRAMP accredited.
Develop NIST / FISMA / FedRAMP SA&A documentation for systems and networks undergoing certification and validate the quality of deliverables produced by the team
Assess risks, identify mitigation requirements and develop accreditation recommendations; be responsible for tracking SA&A requirements for assigned systems within the agency and validate that tasks are on schedule, and ensure the delivery of quality documentation
Assist in the creation of SA&A packages with the responsibility for gathering information from SOS Service owners, applying data to the appropriate templates, and attending meetings in support of the effort
Required Technical and Professional Expertise
4+ years Information Assurance experience
3+ years of working experience in a security-related field
Experience in developing and implementing an Information Assurance plan for a new information system development effort
Excellent problem solving skills and strong attention to detail
Ability to work effectively in a rapidly changing, team-based environment
Excellent communication and collaboration skills with business and technical communities
Conducting FedRAMP Readiness Assessments and reviewing ATO packages for FedRAMP Cloud environments.
Experience with Cloud Architecture requirements necessary to provide public, private, or hybrid Cloud services.
Experience and Competency with Trusted Agent FISMA (TAF), RSA Archer, or similar GRC tool.
Preferred Technical and Professional Expertise
Experience designing security architecture solutions within IBM Cloud environments
Experience working with Federal Agencies.
Experience in technical writing/editing of IT Security materials.
Experience implementing NIST 800-53 Rev. 4 security controls in a FedRAMP Cloud environment for the Federal Government.
About Business Unit
IBM Corporate Headquarters (CHQ) team represents a variety of functions such as marketing, finance, legal, operations, HR, and more, all working together to solve some of the world's most complex problems, help our clients achieve success and build collaborative work environments for IBMers.
Your Life @ IBM
What matters to you when you’re looking for your next career challenge?
Maybe you want to get involved in work that really changes the world? What about somewhere with incredible and diverse career and development opportunities – where you can truly discover your passion? Are you looking for a culture of openness, collaboration and trust – where everyone has a voice? What about all of these? If so, then IBM could be your next career challenge. Join us, not to do something better, but to attempt things you never thought possible.
Impact. Inclusion. Infinite Experiences. Do your best work ever.
IBM’s greatest invention is the IBMer. We believe that progress is made through progressive thinking, progressive leadership, progressive policy and progressive action. IBMers believe that the application of intelligence, reason and science can improve business, society and the human condition. Restlessly reinventing since 1911, we are the largest technology and consulting employer in the world, with more than 380,000 IBMers serving clients in 170 countries.
IBM will not be providing visa sponsorship for this position now or in the future. Therefore, in order to be considered for this position, you must have the ability to work without a need for current or future visa sponsorship.
Being You @ IBM
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.