Security Technical Compliance Analyst (FedRAMP)

Sorry, this job was removed at 12:12 p.m. (MST) on Friday, May 14, 2021

Zoomies help the world connect — and deliver happiness while doing it. We set out to build the best video conferencing product for the enterprise, and today help people communicate better with products like Zoom Phone, Zoom Rooms, Zoom Video Webinars, Zoom Apps, and OnZoom.

 

We’re problem-solvers and self-starters, working at a fast pace to design solutions with our customers and users in mind. Here, you’ll work across teams to dig deep into impactful projects that are changing the way people communicate, and enjoy opportunities to advance your career in a diverse, inclusive environment. 

 

 


JOB DESCRIPTION

The Security Technical Compliance Analyst is responsible for working across internal stakeholders, including the Zoom for Government security team as well as the cloud operations team, to drive key aspects of continuous compliance requirements.

Responsibilities include:

  • Coordinate with internal stakeholder operations teams to demonstrate the implementation of security compliance controls for technical, management, and operational requirements

  • Verify that vulnerability and compliance scanning configurations within scanning tools remain configured to FedRAMP and DoD standards

  • Analyze scan results and work to document false positives, operational requirements, and vendor dependencies

  • Document and maintain the list of deviation requests, ensuring that appropriate risk reductions against CVSS scores are assigned, maintained, and justified

  • Parse raw vulnerability scans to ensure scan data matches the CMDB asset inventory, so that no gaps exist between the Zoom for Government POA&M and raw scans

  • Provide asset tagging to allow easier identification of assets in the CMDB, supporting rationalization of CVSS risk reductions

  • Support the development of technical material, operational processes, security policies, and other core documents

  • Manage compliance metrics within the governance, risk, and compliance system to FedRAMP and DoD standards

 

Skills and competencies

Two or more years’ experience in:

  • Experience working on compliance for FedRAMP and DoD cloud systems

  • Experience contributing to the writing of Deviation Requests, Operational Requirements, Vendor Dependencies and False Positives for compliance review and approval.

  • Experience with the production and/or editing of technical drawings using MS Visio or similar design tools.

  • Experience with technical documentation related to FIPS 199, NIST SP 800-37, NIST SP 800-53 Rev 4, and continuous monitoring

  • Well experienced in working with Plan of Action and Milestones (POA&M) and Federal Integrated Inventory Workbooks 

  • Experience contributing to audit requests and proven ability to respond to necessary 3PAO evidence requests

 

Experience with and knowledge of:

  • Experience and familiarity with cloud data security (FISMA/FedRAMP compliance) and working with public cloud solutions (AWS)

  • Experience working with a Governance, Risk, and Compliance tool (preferably ServiceNow)

 

General skills include:

  • Demonstrate strong verbal and written communication skills as well as strong analytical and problem-solving abilities

  • Excellent English language, grammar, and spelling skills for writing, editing, and proofreading

  • Ability to work independently or as a member of a team on various tasks.

  • Skilled at organizing and translating information into clear written documentation; articulating complex concepts and processes in writing

  • Proven ability to effectively research subject matter

  • Experience working in a collaborative environment; ability to work well under tight deadlines and effectively interact with a wide range of personnel

 

Industry-specific requirements

Knowledge, experience and subject matter expertise in the following:

  • FedRAMP (Federal Risk and Authorization Management Program)

  • NIST SP 800-53 Rev 4

  • NIST SP 800-37

  • FISMA (Federal Information Security Management Act)

  • NIST RMF (Risk Management Framework)

  • Supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies

  • NIST FIPS 199, Data Classification

Education

  • Bachelor's degree in a relevant field (e.g., Cybersecurity, Information Security, Information Assurance, etc.)

 

Additional

  • US Citizenship required


Location

We are located North of the DTC area. Just a short drive away you can find trendy restaurants, bars, and the Cherry Creek Reservoir!
