Security Technical Compliance Analyst (FedRAMP)
Zoomies help the world connect — and deliver happiness while doing it. We set out to build the best video conferencing product for the enterprise, and today help people communicate better with products like Zoom Phone, Zoom Rooms, Zoom Video Webinars, Zoom Apps, and OnZoom.
We’re problem-solvers and self-starters, working at a fast pace to design solutions with our customers and users in mind. Here, you’ll work across teams to dig deep into impactful projects that are changing the way people communicate, and enjoy opportunities to advance your career in a diverse, inclusive environment.
JOB DESCRIPTION
The Security Technical Compliance Analyst is responsible for working across internal stakeholders, including the Zoom for Government security team and the cloud operations team, to drive key aspects of continuous compliance requirements.
Responsibilities include:
Coordinate with internal stakeholder operations teams to demonstrate the implementation of security compliance controls for technical, management, and operational requirements
Verify that vulnerability and compliance scanning configurations within the scanning tools remain aligned with FedRAMP and DoD standards
Analyze scan results and document false positives, operational requirements, and vendor dependencies
Document and maintain the list of deviation requests, ensuring that the risk reductions applied against CVSS scores are maintained and justified
Parse raw vulnerability scans to ensure the scan data matches the CMDB asset inventory, so that no gaps exist between the Zoom for Government POA&M and the raw scans
Provide asset tagging that allows easier identification of assets in the CMDB and supports the rationalization of CVSS risk reductions
Support the development of technical material, operational processes, security policies, and other core documents
Manage compliance metrics within the governance, risk, and compliance system against FedRAMP and DoD standards
Skills and competencies
Two or more years’ experience in:
Experience working on compliance for FedRAMP and DoD cloud systems
Experience contributing to the writing of Deviation Requests, Operational Requirements, Vendor Dependencies, and False Positives for compliance review and approval
Experience with the production and/or editing of technical drawings using MS Visio or similar design tools.
Experience with technical documentation related to FIPS 199, NIST SP 800-37, NIST SP 800-53 REV 4, and continuous monitoring
Well experienced in working with Plan of Action and Milestones (POA&M) and Federal Integrated Inventory Workbooks
Experience contributing to audit requests and a proven ability to fulfill 3PAO evidence requests
Experience with and knowledge of:
Experience and familiarity with cloud data security (FISMA/FedRAMP compliance) and working with public cloud solutions (AWS)
Experience working with a Governance Risk and Compliance tool (preferably ServiceNow)
General skills include:
Demonstrate strong verbal and written communication skills as well as strong analytical and problem-solving abilities
Excellent English language, grammar, and spelling skills for writing, editing, and proofreading
Ability to work independently or as a member of a team on various tasks.
Skilled at organizing and translating information into clear written documentation; articulating complex concepts and processes in writing
Proven ability to effectively research subject matter
Experience working in a collaborative environment; ability to work well under tight deadlines and effectively interact with a wide range of personnel
Industry-specific requirements
Knowledge, experience and subject matter expertise in the following:
FedRAMP (Federal Risk and Authorization Management Program)
NIST SP 800-53 Rev 4
NIST SP 800-37
FISMA (Federal Information Security Management Act)
NIST RMF (Risk Management Framework)
Supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies
NIST FIPS 199, Data Classification
Education
Bachelor's degree in a relevant field (e.g., Cybersecurity, Information Security, Information Assurance, etc.)
Additional
US Citizenship required