Cloud Security / FedRAMP Analyst
| Hours | Full-time |
|---|---|
| Location | Hyattsville, MD 20782 |
About this job
Job Description
Position Overview
The Cloud Security / FedRAMP Analyst supports cloud security governance, FedRAMP-aligned authorization activities, cloud-hosted system compliance, and continuous monitoring for NCHS systems and modernization initiatives. This role assists with cloud migration security reviews, FedRAMP documentation, cloud-based SA&A packages, vulnerability reporting, POA&M tracking, and alignment with CDC-approved cloud environments.
Key Responsibilities
- Support cloud-hosted and FedRAMP-aligned SA&A activities for NCHS systems.
- Assist with FedRAMP-related documentation, security control implementation tracking, and agency-specific CDC ATO requirements.
- Evaluate cloud security posture, authorization boundaries, security baselines, interconnections, data jurisdiction, and cloud service compliance requirements.
- Support FedRAMP continuous monitoring activities, including vulnerability scans, POA&M updates, configuration changes, and cloud security reporting.
- Review cloud migration plans to ensure alignment with CDC-approved cloud architectures, including CDC-managed cloud environments such as AWS or Azure where applicable.
- Support system owners and stewards in documenting cloud risks, control gaps, remediation plans, and security requirements.
- Assist with incident response, breach reporting, TIC/boundary protection, encryption, data protection, and cloud environment compliance requirements.
- Prepare cloud security governance inputs for weekly status reports, monthly RMF reports, risk assessments, and ad hoc technical support deliverables.
Qualifications and Experience
- Experience supporting federal cloud security, FedRAMP authorization, cloud migration governance, or cloud continuous monitoring programs.
- Familiarity with FedRAMP security baselines, 3PAO assessments, POA&Ms, continuous monitoring artifacts, and agency ATO processes.
- Experience with cloud-hosted systems in federal environments, preferably CDC, HHS, or other civilian agencies.
- Experience supporting cloud security control reviews, vulnerability remediation, configuration management, and compliance reporting.
- Experience using Archer or comparable GRC platforms for security documentation and tracking.
Required Skills
FedRAMP, cloud security governance, cloud-hosted SA&A, CDC agency ATO support, continuous monitoring, vulnerability scanning, POA&M management, cloud risk assessments, security control baselines, configuration management, incident reporting, encryption/FIPS 140-2 awareness, TIC/boundary protection, AWS/Azure cloud security familiarity, Archer/GRC tools, and technical documentation.
Certification Requirement
Preferred: CCSP, CISSP, CAP, CISM, FedRAMP-specific training, cloud security certification, or equivalent cybersecurity certification.
Clearance / Security Requirement
No classified clearance required. Personnel must comply with CDC/HHS/NCHS information security, privacy, confidentiality, NDA, role-based training, Public Trust suitability, and HSPD-12/PIV requirements as applicable.
Salary
TBD.