Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Back to all jobs

cloud.gov - Security Compliance Architect

This job posting has closed.

Please see our other open positions.

cloud.gov is hiring for GS-15 - Security Compliance Architect. This page contains information related to the role as well as a link to submit your application. Check out Join TTS Hiring Process to learn more about the application process.

Location: Washington, DC; San Francisco, CA; Chicago, IL; New York, NY; Virtual (100% Remote)

Salary Range: The base salary range for this position is: GS-15 Step 1 - $106,595 to GS-15 Step 10 $138,572

The base salary range does not include any adjustment for locality. Your locality will be determined by where you live since most of our positions are remote. If the position isn’t remote, then your locality will be determined by the location of the office where the position is based.

You can find more information about this in the compensation and benefits section on our site.

For specific details on locality pay, please visit OPM’s Salaries & Wages page or for a salary calculator OPM’s 2019 General Schedule (GS) Salary Calculator.

Please note the maximum salary available for the GS pay system is $166,500 Note: You may not be eligible for the maximum salary as it is locality dependent. Please refer to the maximum pay for your locality.

Who May Apply: All United States citizens and nationals (residents of American Samoa and Swains Islands) and applicants must not be GSA employees or contractors

Role Summary:

Security Compliance Architect - GS-15

cloud.gov, a product team within 18F, is looking for a security compliance architect to help us deliver better digital services to the public. You will be a builder, contributor, and a catalyst. With the support of our team of about 15 people, you will solve large complex problems while spreading user-centered, open, and secure culture. cloud.gov is an open source team, so much of what you work on will be open source. Our team is excited to tackle challenging problems to improve the lives of others. We care about respect and listening to each other.

Our vision is to help federal government teams radically reduce the time and labor of the ATO process while fulfilling security requirements and improving security. We do this by providing a modern and cloud-native Platform as a Service (hosted on Infrastructure as a Service) with a FedRAMP Joint Authorization Board Provisional ATO at the Moderate level. Our cloud.gov customer systems inherit much of their security compliance from our system. Your role is critical to this vision, and your work will include:

  • Lead maintenance of the cloud.gov P-ATO
  • Help team members and customers understand security compliance
  • Improve how cloud.gov supports and accelerates customer compliance
  • Publish open source compliance materials and explanations, for reuse and learning by teams in the public and private sectors

This is an Information Systems Security Officer role, so it’s great if you have experience as an ISSO or equivalent. You should have strong technical writing skills. You should be able to explain the security value of engineering best practices such as source control, automated testing, continuous integration and deployment, and peer review. You should have experience making recommendations to engineering and leadership team members. You do not need to write code — it’s more important to be able to write policies and procedures. The best candidates will have a background working on cross-functional, multidisciplinary teams that deliver digital products and services in an incremental, user-focused environment.

Key Objectives

Key objective #1: Lead fulfillment of FedRAMP Authorization requirements.

  • Edit and maintain our security compliance documents using FedRAMP templates and NIST standards, including our System Security Plan, Plan of Actions and Milestones (POAM), Deviation Requests, Significant Change Requests, Incident Response Plan, and Contingency Plan
  • Serve as liaison between the cloud.gov team and our Authorizing Officials (our FedRAMP Joint Authorization Board Technical Reviewers’ Representatives)
  • Serve as liaison between the cloud.gov team and our security auditor (our 3PAO - Third-Party Assessment Organization)
  • Coordinate our Annual Assessments, monthly Continuous Monitoring reports, and Significant Change Request assessments, according to FedRAMP requirements

Key objective #2: Lead high-quality and consistent security compliance within our cloud.gov team.

  • Coordinate with cloud.gov Product Manager, engineering team members, and other team members (including Director and Deputy Director) to explain FedRAMP requirements and plan and prioritize team tasks to fulfill those requirements.
  • Identify internal security compliance needs and issues, and coordinate resolving those issues by working constructively with the rest of the team.
  • Collaborate with team members to interpret, implement, and document requirements in ways that prioritize secure engineering best practices, not simply checking checkboxes.
  • Contribute to our procurement process for compliance-related services and products, such as our 3PAO contracts.
  • Run cloud.gov team compliance trainings, security review meetings, incident response exercises, and other required security compliance meetings in ways that engage and educate our team.
  • Participate in team security incident response and contingency plan response processes, including as Incident Commander when needed.

Key objective #3: Teach and collaborate with customers, fellow teams, and the public.

  • Identify and contribute to ways that cloud.gov can support and accelerate customer compliance, such as new tools, templates, and training.
  • Participate in cloud.gov business development calls and customer support email threads to answer customer questions related to security compliance.
  • Serve as the cloud.gov liaison to our division’s team that handles larger infrastructure and compliance topics.
  • Participate in cross-team working groups for security and compliance, which provide informal advising and learning.
  • Publish our compliance documents as open source materials for reuse by the public, with appropriate security risk management part of our vision is to publish most of our System Security Plan.

Key objective #4: Contribute to the culture and knowledge of the team, practicing and sharing agile methodologies throughout all stages of the project lifecycle.

  • Work within a distributed, multidisciplinary agile team by participating in constructive discussions, sharing knowledge, and demonstrating value for technical and non-technical contributions.
  • Support a safe, inclusive, respectful workplace and a positive team culture where all team members value diversity and individual differences.
  • Develop new insights into situations and question conventional approaches.
  • Provide visibility into each project’s progress, communicate blockers and challenges, and ask for help.
  • Demonstrate a strong understanding of the elements of agile methodology (scrum, kanban, and so on).
  • Support the team practices of human-centered design, user testing, feature prioritization, and DevOps.

Basic Information

Location: Washington, DC; San Francisco, CA; Chicago, IL; New York, NY; Virtual (100% Remote)

Salary Range: Base salary GS-15 - $106,595 to $138,572

If you are a new federal employee, your starting salary will likely be set at the Step 1 of the grade for which you are selected. Total compensation may include locality pay based on the individual’s duty location. For more salary information including locality pay details, please visit OPM’s Salaries & Wages page.

Who May Apply: All United States citizens and nationals (residents of American Samoa and Swains Islands) and applicants must not be GSA employees or contractors

Job announcement number: tbd

Opening and closing period for this job application: tbd EDT to tbd EDT EDT

Job Title: Innovation Specialist

Series & Grade: 0301 - 15

Promotion Potential: GS-15

Number of vacancies: 1 (Additional vacancies may be filled from this announcement as needed)

Supervisory status: NO

Travel requirement: Occasional travel may be required up to 10%-20% per year

Security clearance: Public trust. Background investigation required.

Work Schedule: Full time

Appointment Type: Excepted Service: Not to exceed 24 months (2 years); may be extended for an additional 2 years for a maximum of 4 years total.

Job Summary

This is a Schedule A position under 5 CFR 213.3102(r) to hire unique technical skills to develop innovative digital tools and services in the Excepted Services, US Digital Service 18F Fellowship Program. The 18F office is charged with developing innovative digital tools and services and uses lean startup and agile development principles to collaborate with other agencies to fix technical problems, build products, and improve how government serves the public through technology.

As an Innovation Specialist, the team member serves the government and makes an impact on a massive scale. The position requires that fellows perform work of an exceptional degree of difficulty across a wide range of topics at the convergence of technology, policy, and delivery. The incumbent leverages their experience deploying high quality, user centric platforms and services to lead major initiatives, consult on systems and policy proposal, and provide technical, policy, and programmatic guidance to government.

This position is located within the General Services Administration (GSA), Federal Acquisition Service (FAS), Technology Transformation Service (TTS), Office of 18F.

GSA has been repeatedly named as one of the ‘Best Places to Work’ in the federal government. You will have access to many benefits including:

  • Health insurance (choose from a wide range of plans)
  • Life insurance coverage with several options
  • Sick leave and vacation time, including 10 paid holidays per year
  • Thrift Savings Plan (similar to a 401(k) plan)
  • Flexible work schedules and telework
  • Transit and child care subsidies
  • Training and development
  • Flexible spending accounts
  • Long-term care insurance
  • Training and development

Key Requirements

  1. You must be a U.S. Citizen or National (residents of American Samoa and Swains Islands)
  2. Suitable for federal employment, determined by a background investigation
  3. You may be required to serve a trial period
  4. Direct Deposit of salary check to financial organization required
  5. Register with Selective Service, if you are required by https://www.sss.gov/Registration-Info/Who-Registration

Employment Requirements

  • Serve a one year trial period, if required
  • Undergo and pass a background investigation. You must be granted this clearance before you can start the job
  • Have your identity and work status eligibility verified if you are not a GSA employee. We will use the Department of Homeland Security’s e-Verify system for this
  • Any discrepancies must be resolved as a condition of continued employment
  • Complete a financial disclosure report to verify that no conflict, or an appearance of conflict, exists between your financial interest and this position

Duties

Typical duties for the fellow include but are not limited to: Conceiving/recommending projects/studies to advance the state of the art in the specialty area; applying forward­ thinking design and development principles to product or services development, delivery and program management, such as lean startup, user­centered design, and agile development; Analyzing and scoping the technical and policy requirements needed to implement complex digital solutions; Assessing the state of digital services provided by the Federal Government, and working to align strategies and practice; conferring with key government/private officials and top experts in the field, representing the agency at technical symposia and/or conferences; Developing authoritative papers/reports; developing and leading adoption of government­wide standards for digital services, leading to their adoption across citizen and business­facing government services; Demonstrating thought leadership and contributing best practices in a variety of technologies and principles; Contributing to a talent strategy that includes recruiting innovators and entrepreneurs to participate in solving complex and esoteric challenges.

Evaluation

We will use a method called Category Rating to assess your application.

Here’s how it will work:

You will be scored based on a review of your application materials, measuring your possession of each of the following competencies

  • Technical Fluency: The ability to assimilate and synthesize highly technical information and then effectively communicate that information to audiences with a wide range of technical familiarity
  • Communication: Ability to communicate effectively with a variety of audiences, particularly consulting clients/partners, to establish a shared vision and understanding of a project’s technical implementation, objectives and goals.
  • Teamwork & Collaboration: The ability to work cooperatively with others to accomplish objectives and build inclusive and mutually-beneficial partnerships
  • Problem Solving: The ability to design, analyze, synthesize and/or evaluate information to produce and defend a desired solution.
  • TTS Core Values Alignment: Working with integrity, transparency and resiliency in civic minded or high impact environment

If found to be eligible and at least minimally qualified for the position, your score will be used to place you in a category (Best Qualified, Well Qualified, or Qualified).

If your resume does not support your possession of the competencies listed above, we may lower your score, which could place you in a lower category.

Within each category, veterans will receive selection priority over non-veterans if supported by appropriate documentation.

Qualifications

All applications will be reviewed by a panel of subject matter experts against a scoring rubric created for this role. In order to properly be able to evaluate your previous experience, we recommend being as detailed as possible in your resume and following our general guidance on creating federal style resume.

To qualify for this role, you must have one year of specialized experience equivalent to the GS-14 in the Federal service. Specialized experience is:

  1. Experience managing security compliance responsibilities. This experience must include ALL of the following:
    • Working with Federal Information Security Management Act (FISMA) requirements
    • Serving as a lead of a security compliance documentation process
    • Writing or editing security compliance documentation

  2. Experience working as part of a team to deliver digital products or services.

  3. Experience using agile methodologies.

Qualification determinations cannot be made when resumes do not include the required information, so failure to provide this information may result in disqualification.

For each job on your resume, provide:

  • the exact dates you held each job (from month/year to month/year or “present”)
  • number of hours per week you worked (if part time)

How To Apply

We’re sorry, this job has closed.

Join TTS

An official website of the GSA’s Technology Transformation Services

Looking for U.S. government information and services?
Visit USA.gov