Principle FedRAMP Continuous Monitoring Engineer

FedRAMP Continuous Monitoring Engineer

Are you looking for an opportunity to drive our FedRAMP compliance initiatives?

Are you aiming to become our FedRAMP SME?

LexisNexis Risk Solutions provides customers with solutions and decision tools that combine public and industry-specific content with advanced technology and analytics to assist them in evaluating and predicting risk and enhancing operational efficiency. We use the power of data and advanced analytics to help our customers make better, timelier decisions. By bringing clarity to information, we ultimately help make communities safer, insurance rates more accurate, commerce more transparent, business decisions easier, and processes more efficient. Learn more at https://risk.lexisnexis.com/.

This team is responsible for implementing and managing the continuous monitoring of our FedRAMP program.

You will oversee and implement continuous monitoring processes in accordance with NIST guidelines, ensuring ongoing compliance of our organization's systems and infrastructure with FedRAMP requirements.

1. Develop and maintain a comprehensive continuous monitoring plan based on NIST SP 800-137, FedRAMP requirements, and organizational needs.
2. Establish processes to collect, analyze, and report security-related information from various sources, such as security controls, vulnerability assessments, and incident response activities.
3. Conduct regular risk assessments to identify vulnerabilities and threats; define KPIs and metrics to measure program effectiveness.
4. Monitor and analyze security logs, event data, and alerts to identify anomalies, incidents, and non-compliance.
5. Evaluate vulnerability scans and penetration tests to assess security posture.
6. Review security assessment and authorization artifacts, including system security plans, risk assessments, and control implementation documentation.
7. Support internal and external audits by compiling and presenting compliance evidence.

• Extensive FedRAMP continuous monitoring experience.
• Deep understanding of NIST SP 800-53 and FedRAMP requirements.
• Experience implementing and managing continuous monitoring for cloud-based systems in the Federal Government.
• Knowledge of cloud technologies (AWS, Azure), security tools, vulnerability scanners, and SIEM systems.
• Proficiency in evaluating assessments, penetration testing, and incident response.
• Understanding of SA&A processes, system security plans, and risk management frameworks like RMF.
• Ability to work with programming languages (Python, PowerShell) and BI platforms (Power BI).
• Proficiency with XML/JSON/Excel and SQL for data management.
• Knowledge of software development methodologies (Agile, Waterfall) and cloud services (Azure).

At LexisNexis Risk Solutions, we value diversity and inclusion, fostering an environment where every employee can thrive. We encourage applications from diverse backgrounds and underrepresented groups.

We are an equal opportunity employer. Qualified applicants are considered without regard to race, color, creed, religion, sex, national origin, disability, veteran status, age, marital status, sexual orientation, gender identity, or any other protected characteristic. For accommodations during the hiring process, contact us via this form or call 1-855-833-5120.

Read our Candidate Privacy Policy.