Principle Fedramp Continuous Monitoring Engineer

Company	RELX
Location	Boca Raton, FL, USA, Alpharetta, GA, USA, Illinois, USA
Salary	$Not Provided – $Not Provided
Type	Full-Time
Degrees
Experience Level	Senior, Expert or higher

Possess current and extensive FedRAMP continuous monitoring experience.
Possess an In-depth understanding of the NIST Special Publication 800-53 guidelines and FedRAMP requirements
Possess an understanding of security controls and their implementation within complex IT environments.
Demonstrated experience in implementing and managing continuous monitoring programs for cloud-based systems within the Federal Government.
Possess knowledge of cloud technologies, infrastructure, and security controls (e.g., AWS, Azure).
Familiarity with industry-leading security tools, vulnerability scanners, and security information and event management (SIEM) systems.
Proficiency in evaluating vulnerability assessments, penetration testing, and security and incident response.
Knowledge of security assessment and authorization (SA&A) processes, system security plans, and risk management frameworks (e.g., RMF).
Possess the ability to work across programming languages and frameworks (e.g., Python, Power Shell)
Have the proficiency in Business Intelligence platforms (e.g., Power BI)
Working knowledge of XML/JSON/Excel (Pivot Tables, VLOOKUPs, etc.)
Experience with Data Warehousing and Extract, Load, Transform (ETL) process.
Ability to work with databases and write simple to complex queries using SQL
Have knowledge of software development methodologies (e.g., Agile, Waterfall).
Familiarity with Cloud services (Azure)

Developing and maintaining a comprehensive continuous monitoring plan based on NIST SP 800-137 guidelines, FedRAMP requirements, and organization-specific needs.
Establishing processes and procedures to collect, analyze, and report security-related information from various sources, such as security controls, vulnerability assessments, and incident response activities.
Conducting regular risk assessments to identify potential vulnerabilities and threats to cloud-based systems.
Define key performance indicators (KPIs) and metrics to measure the effectiveness of the continuous monitoring program.
Monitoring and analyzing security logs, event data, and system alerts to identify anomalies, security incidents, and non-compliance with established security policies.
Evaluating vulnerability scans and penetration tests to assess the security posture of cloud-based systems.
Reviewing and analyzing security assessment and authorization (SA&A) artifacts, including system security plans, risk assessments, and security control implementation documentation.
Providing support during internal and external audits or assessments by compiling and presenting evidence of compliance with FedRAMP and NIST guidelines.

No preferred qualifications provided.