Principal FedRAMP Continuous Monitoring Engineer

Risk Solution Group

Alpharetta (GA)

On-site

USD 80,000 - 120,000

Full time

3 days ago
Job summary

An established industry player is seeking a FedRAMP Continuous Monitoring Engineer to lead compliance initiatives and oversee monitoring processes. This role involves developing comprehensive plans based on NIST guidelines, conducting risk assessments, and ensuring ongoing compliance with FedRAMP requirements. The ideal candidate will have extensive experience in cloud systems security, strong analytical skills, and proficiency in various programming languages. Join a diverse team committed to enhancing operational efficiency and making a significant impact in the field of risk management.

Qualifications

  • Extensive experience with FedRAMP continuous monitoring and NIST guidelines.
  • Knowledge of cloud technologies and security tools.

Responsibilities

  • Develop and maintain a continuous monitoring plan based on NIST and FedRAMP requirements.
  • Conduct risk assessments and monitor security logs for anomalies.

Skills

FedRAMP continuous monitoring
NIST SP 800-53
Cloud technologies (AWS, Azure)
Vulnerability assessments
Incident response
Python
PowerShell
SQL querying
Data Warehousing
Agile methodologies

Tools

SIEM systems
Vulnerability scanners
Power BI
ETL processes

Job description

FedRAMP Continuous Monitoring Engineer

Are you looking for an opportunity to drive our FedRAMP compliance initiatives? Are you interested in becoming our FedRAMP SME?

About the Business

LexisNexis Risk Solutions provides customers with solutions and decision tools that combine public and industry-specific content with advanced technology and analytics to assist them in evaluating and predicting risk and enhancing operational efficiency. We use the power of data and advanced analytics to help our customers make better, timelier decisions. By bringing clarity to information, we ultimately help make communities safer, insurance rates more accurate, commerce more transparent, business decisions easier, and processes more efficient. Learn more about LexisNexis Risk at https://risk.lexisnexis.com/.

About our Team

This team is responsible for the implementation and management of the continuous monitoring of our FedRAMP program.

About the Role

You will oversee and implement the continuous monitoring processes in accordance with NIST guidelines, ensuring ongoing compliance of our organization's systems and infrastructure with FedRAMP requirements.

Responsibilities
  1. Develop and maintain a comprehensive continuous monitoring plan based on NIST SP 800-137, FedRAMP requirements, and organization-specific needs.
  2. Establish processes to collect, analyze, and report security-related information from various sources, such as security controls, vulnerability assessments, and incident response activities.
  3. Conduct regular risk assessments to identify vulnerabilities and threats to cloud-based systems. Define KPIs and metrics to measure the effectiveness of the monitoring program.
  4. Monitor and analyze security logs, event data, and system alerts to identify anomalies, security incidents, and non-compliance with policies.
  5. Evaluate vulnerability scans and penetration tests to assess security posture.
  6. Review and analyze security assessment and authorization (SA&A) artifacts, including system security plans, risk assessments, and security control documentation.
  7. Support internal and external audits by compiling and presenting evidence of compliance with FedRAMP and NIST guidelines.

Requirements
  1. Extensive FedRAMP continuous monitoring experience.
  2. In-depth understanding of NIST SP 800-53 guidelines and FedRAMP requirements.
  3. Experience implementing and managing continuous monitoring programs for cloud systems in the Federal Government.
  4. Knowledge of cloud technologies (AWS, Azure), security controls, and security tools like vulnerability scanners and SIEM systems.
  5. Proficiency in evaluating vulnerability assessments, penetration testing, and incident response.
  6. Understanding of SA&A processes, system security plans, and risk management frameworks (e.g., RMF).
  7. Ability to work across programming languages (Python, PowerShell) and familiarity with Business Intelligence platforms (Power BI).
  8. Proficiency with XML/JSON/Excel, experience with Data Warehousing and ETL processes, and SQL querying skills.
  9. Knowledge of software development methodologies (Agile, Waterfall) and familiarity with Cloud services (Azure).

We value diversity at LexisNexis Risk Solutions and encourage applications from candidates of all backgrounds. We are committed to an inclusive work environment and provide accommodations during the hiring process. For support, contact this form or call 1-855-833-5120.
