Cloud Cybersecurity Compliance Analyst

The Johns Hopkins University Applied Physics Laboratory
life insurance, paid time off
United States, Maryland, Laurel
11100 Johns Hopkins Road
Sep 13, 2025
Description

Are you passionate about being on a team of highly skilled, motivated and dedicated professionals charged with protecting sensitive data while supporting the JHU/APL mission?

Do you want to integrate cybersecurity and compliance within our enterprise, sector and department networks?

Are you passionate about protecting our Nation's sensitive information?

If so, we're looking for someone like you to join our team at APL.

We are seeking a dedicated Cloud Cybersecurity Compliance Analyst to help us protect APL's cloud-based and enterprise information technology infrastructure, as well as the Laboratory's other internal and externally-hosted research and development cloud-based services.

As a member of our team, you'll contribute to the cloud cybersecurity compliance, management and oversight of our unclassified cloud-based services in support of Sponsor/Program needs. You'll join an impressive team of technical specialists motivated by the common goal of supporting APL's operational security posture across a complex network infrastructure. You will independently identify and solve technical issues relating to cybersecurity, system hardening (ensuring system availability, integrity, authentication and confidentiality), and compliance.

As a Cloud Cybersecurity Compliance Analyst...

  • Work in the Information Technology Service Department (ITSD) and serve as a cloud cybersecurity compliance Subject Matter Expert (SME) for the Laboratory, its Mission Areas, Sectors and Departments.
  • Support cloud compliance, as your primary responsibility, in alignment with the Cybersecurity Maturity Model Certification (CMMC) Program, NIST SP800-171 and SP800-172, and interpret and apply various regulatory frameworks including FedRAMP, FISMA, NIST 800-53, NIST CSF, and DoD RMF.
  • Assist the Compliance Program and InfoSec Compliance Team with cloud compliance initiatives by contributing to the development, implementation and regular updating of applicable security policies, procedures, and controls to meet CMMC and NIST SP800-171 and SP800-172 requirements while balancing against Mission needs in a research and development environment.
  • Conduct cloud-focused cybersecurity, compliance, risk and vulnerability assessments across public, hybrid and private cloud platforms (e.g., AWS, Azure, GCP) against cloud-based cybersecurity best practices and applicable compliance frameworks with the ability to generate cloud security reviews and control gap analysis.
  • Help manage and support both internal and externally-hosted cloud-based cybersecurity and compliance audits and assessments in support of CMMC, NIST SP800-171, Privacy & Health Controls, and other cybersecurity and compliance-related initiatives.
  • Help prepare and maintain System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), supporting artifacts, and other compliance-related documentation for both internal and externally-hosted cloud-based services.
  • Assist the Compliance Program and InfoSec Compliance Team in disseminating cloud cybersecurity guidance and compliance requirements, and providing support to system owners and other stakeholders on various cloud service offerings.
  • Maintain awareness of current cloud security threats and emerging technologies, and support the automation and continuous monitoring of cloud security controls using tools such as AWS Config, Azure Security Center, etc.

Qualifications

You meet our minimum qualifications for the job if you...

  • Have a Master's Degree in Information Security or in a security-related field, or equivalent experience that provides the necessary knowledge, skills and abilities.
  • Have a current industry cybersecurity certification (e.g., CISSP, Security+, etc.).
  • Have 5+ years of experience implementing cybersecurity policy and security controls for enterprise information technology systems.
  • Have a strong working knowledge of NIST SP 800-171 or 800-53, and the ability to support risk-based decisions to ensure compliance across the enterprise.
  • Demonstrate ambition to further current knowledge and understanding by exploring new concepts and applying them to cybersecurity.
  • Are able to obtain a Secret level security clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.

You'll go above and beyond our minimum requirements if you...

  • Have 10+ years of experience implementing cybersecurity policy and security controls for enterprise information technology systems.
  • Have working knowledge of CMMC and/or possess a CyberAB CMMC-related credential, such as CMMC Certified Professional (CCP) or CMMC Certified Assessor (CCA).
  • Understand and have general familiarity with the following regulatory standards:
      • Federal Information Security Management Act (FISMA);
      • Federal Risk and Authorization Management Program (FedRAMP);
      • DISA's Cloud Computing Security Requirements Guide (CC SRG);
      • Health Insurance Portability and Accountability Act (HIPAA); and
      • Personal Health Information/Personally Identifiable Information (PHI/PII).
  • Demonstrate the ability to lead and manage complex projects, including planning, execution, resource coordination, risk mitigation, and timely delivery across multi-functional teams.
  • Have proven experience serving as a SME in cloud compliance and cybersecurity, providing mentorship on regulatory requirements, ensuring policy adherence, and supporting audits, assessments, and risk mitigation initiatives.
  • Possess working knowledge of GRC tools used to manage risk assessments, track compliance activities, and generate reports that support governance and regulatory obligations.
  • Hold relevant certifications such as CCSP, CISSP, CISA, AWS/Azure Security Specialty, or equivalent.
  • Have experience supporting federal compliance programs (FedRAMP, FISMA, DoD RMF).
  • Have experience with cloud-native or containerized environments (e.g., Kubernetes security controls).
  • Have experience authoring or managing System Security Plans (SSPs) and POA&M documentation.

About Us

Why Work at APL?

The Johns Hopkins University Applied Physics Laboratory (APL) brings world-class expertise to our nation's most critical defense, security, space and science challenges. While we are dedicated to solving complex challenges and pioneering new technologies, what makes us truly outstanding is our culture. We offer a vibrant, welcoming atmosphere where you can bring your authentic self to work, continue to grow, and build strong connections with inspiring teammates.

At APL, we celebrate our differences of perspectives and encourage creativity and bold, new ideas. Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance. APL's campus is located in the Baltimore-Washington metro area. Learn more about our career opportunities at http://www.jhuapl.edu/careers.

All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, physical or mental disability, genetic information, veteran status, occupation, marital or familial status, political opinion, personal appearance, or any other characteristic protected by applicable law. APL is committed to providing reasonable accommodation to individuals of all abilities, including those with disabilities. If you require a reasonable accommodation to participate in any part of the hiring process, please contact Accommodations@jhuapl.edu.

The referenced pay range is based on JHU APL's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level with consideration for internal parity. For salaried employees scheduled to work less than 40 hours per week, annual salary will be prorated based on the number of hours worked. APL may offer bonuses or other forms of compensation per internal policy and/or contractual designation. Additional compensation may be provided in the form of a sign-on bonus, relocation benefits, locality allowance or discretionary payments for exceptional performance. APL provides eligible staff with a comprehensive benefits package including retirement plans, paid time off, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, education assistance, and training and development. Applications are accepted on a rolling basis.


Minimum Rate

$102,500 Annually

Maximum Rate

$290,000 Annually