Peraton is a next-generation national security company that drives missions of consequence. They are seeking a FedRAMP Moderate Systems Security Officer / PaaS Operations Engineer to support the security, compliance, and operational integrity of a cloud-based Platform-as-a-Service environment operating under FedRAMP Moderate authorization.
Responsibilities:
- Perform continuous monitoring activities in accordance with FedRAMP Moderate requirements
- Conduct vulnerability and compliance scanning, analysis, prioritization, remediation, and reporting
- Operate SIEM tools for centralized logging, alerting, and security event analysis
- Monitor system security posture and implement ongoing security improvements
- Safeguard sensitive and regulated information
- Maintain FedRAMP documentation including the System Security Plan (SSP), Policies and Procedures, and Control implementation narratives
- Ensure that SaaS and PaaS operational solutions remain compliant with FedRAMP Moderate risk requirements
- Track, manage, and remediate Plans of Action and Milestones (POA&Ms)
- Support internal and external security and compliance audits
- Administer and support Active Directory and Identity Management solutions
- Administer access provisioning, deprovisioning, and least privilege enforcement
- Maintain Zero Trust and Privileged Access Management solutions
- Perform network management and security operations, including monitoring and configuration
- Manage digital certificates and Public Key Infrastructure (PKI) components
- Participate in incident response activities, detection, analysis, containment, and reporting
- Support contingency planning, continuity of operations (COOP), and disaster recovery efforts
- Assist with tabletop exercises, incident simulations, and post-incident reviews
Requirements:
- Bachelor's degree and 5 years of experience, or High school diploma and 9 years of experience
- Demonstrated experience in: Cybersecurity Governance, Risk, and Compliance (GRC)
- Vulnerability and compliance scanning and remediation (Nessus or others)
- SIEM management and security event analysis (Sumo Logic or others)
- Identity and Access Management (AWS IAM, Active Directory or others)
- Network administration, security, best practices
- Incident response and contingency planning
- U.S. Citizenship required
- Must be able to obtain and maintain the required agency clearance
- Knowledge of NIST SP 800-53 Rev. 5 and FIPS requirements
- Experience supporting security and compliance audits
- Cloud security and compliance experience (AWS, others)
- Security system administration on Windows and Linux platforms
- Familiarity with Zero Trust architecture
- CISSP, CISM, CCSP
- GRC-related certifications (e.g., GCRC)
- AWS Cloud certifications
- Linux, Networking, other relevant security or technical certifications