Cloud Security SME

Responsibilities:
Assess and Enhance Cloud Security:
• Conduct detailed analyses to identify Zero Trust gaps and capabilities across HHS cloud environments, ensuring alignment with NIST SP 800-207 and CISA ZTMM 2.0.
Develop Zero Trust Roadmaps:
• Collaborate with stakeholders to establish cloud-focused roadmaps that support HHS-wide Zero Trust objectives and individual OpDiv requirements.
Implement and Manage Secure Cloud Environments:
• Lead efforts in deploying and managing FedRAMP-compliant cloud environments, ensuring robust data protection and compliance with federal standards.
Technology Evaluation and Testing:
• Develop use cases, conduct pilot demonstrations, and evaluate emerging cloud security tools in a FedRAMP-authorized test environment to enhance ZTA capabilities.
Automation and Integration:
• Collaborate with Full Stack Developer to design and implement process automation for data collection and reporting, including FISMA and ZTM metrics, to streamline cloud security operations.
Documentation and Reporting:
• Produce detailed reports and technical documentation, including security frameworks, risk assessments, and compliance artifacts, to support ongoing HHS cloud initiatives.
Training and Best Practices:
• Develop and deliver training programs to increase awareness of cloud security practices and Zero Trust implementation across HHS.
Risk Management:
• Develop and manage risk registers, proactively addressing potential risks and updating mitigation strategies monthly. Requirements:

• Bachelor's degree in Cybersecurity, Cloud Computing, Information Technology, or a related field.

• Minimum of 7 years of experience in cloud security, architecture, and engineering, with a focus on federal environments.

• Expertise in FedRAMP standards, cloud-native security tools, and frameworks, with proficiency in platforms such as AWS, Azure, or Google Cloud.

• Strong understanding of Zero Trust principles, including identity management, network segmentation, data encryption, and continuous monitoring.

• Proven ability to assess security gaps, develop risk mitigation strategies, and implement secure cloud infrastructures.

• Experience working with automated data collection and reporting tools to support metrics like ZTM and FISMA compliance.

• Excellent communication skills to collaborate with diverse stakeholders and present complex technical concepts effectively.

• Ability to obtain and maintain Public Trust clearance.