Cloud Cybersecurity Artifact Collector at CACI
Virginia, Virginia, USA - Full Time

Start Date: Immediate
Expiry Date: 21 Nov, 25
Salary: 75200.0
Posted On: 21 Aug, 25
Experience: 5 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Information Assurance, Computer Science, Scanning, AWS, Hybrid Cloud, Technical Documentation, Qualys, Reporting, Communication Skills, RMF, Platforms
Industry: Information Technology/IT

Description

Cloud Cybersecurity Artifact Collector
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: Secret
Employee Type: Regular
Percentage of Travel Required: None
Type of Travel: None


THE OPPORTUNITY:

The Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program is seeking a Cloud Cybersecurity Artifact Collector to support the United States Coast Guard (USCG) by assessing and verifying the security and compliance posture of cloud-hosted systems. This role will focus on auditing cybersecurity controls, validating compliance with federal frameworks (e.g., FedRAMP, NIST RMF, FISMA), and assisting in risk mitigation and governance activities across Azure and AWS environments.
This is a full-time, remote position. Candidates must reside within the United States. All collaboration and meetings are conducted virtually.

QUALIFICATIONS:

  • Active Secret Clearance
  • DoD 8570 IAT Level II Certification (e.g., Security+ CE)
  • Minimum 5 years of experience auditing or assessing cybersecurity compliance for federal or DoD systems
  • Strong knowledge of FedRAMP, FISMA, RMF, NIST SP 800-53, STIGs, and cloud compliance practices
  • Hands-on experience with system security assessments and reporting of audit findings
  • Familiarity with cybersecurity tools and scanning platforms (e.g., Tenable, Microsoft Defender, Qualys, or similar)
  • Excellent written and verbal communication skills, particularly in technical documentation and presenting audit findings to stakeholders

Desired:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Assurance, or related field
  • Microsoft certifications (e.g., AZ-500, SC-900, SC-100)
  • Experience auditing Azure, AWS, or hybrid cloud infrastructures
  • Familiarity with Secure Cloud Computing Architecture (SCCA) controls
  • Experience using eMASS to manage system authorizations and RMF artifacts
  • Experience using RegScale for automated compliance tracking and reporting

Responsibilities
  • Perform independent audits and assessments of cloud systems (e.g., Azure, AWS) to ensure alignment with DoD, DHS, and federal cybersecurity standards.
  • Evaluate security controls and cloud configurations against compliance frameworks including FedRAMP, NIST SP 800-53, STIGs, and Secure Cloud Computing Architecture (SCCA).
  • Analyze system security documentation such as SSPs, POA&Ms, incident response plans, and contingency plans to validate completeness and accuracy.
  • Conduct security control assessments (SCA), penetration testing reviews, and security impact analyses as part of continuous authorization and compliance validation processes.
  • Review and validate logging, alerting, and monitoring practices using tools like Microsoft Sentinel, Azure Monitor, and AWS CloudTrail.
  • Lead or support compliance audits, inspections, and IV&V (Independent Verification & Validation) activities.
  • Provide findings and risk analysis to stakeholders, identifying gaps and offering remediation strategies aligned with security best practices.
  • Track and report on compliance metrics, vulnerabilities, and deviations; ensure documentation supports annual FISMA reporting and continuous monitoring plans.
  • Use eMASS (Enterprise Mission Assurance Support Service) to track RMF packages and manage control implementation evidence.
  • Leverage RegScale for automating compliance tasks, continuous control monitoring, and maintaining system security documentation.
  • Contribute to compliance automation strategies using scripting and tools (e.g., PowerShell, Azure Automation, AWS Config Rules).
  • Coordinate with ISSOs, engineers, and system owners to ensure audit readiness and a proactive cybersecurity posture.
  • Assist the ISSM and ISSOs in preparing documentation for system ATO packages and in maintaining continuous monitoring artifacts.
  • Support ISSM and ISSO efforts in responding to internal and external audits, inspections, and data calls.
  • Collaborate with ISSM/ISSO personnel to ensure accurate, timely, and complete system documentation in accordance with agency requirements.