Search all jobs
Browse jobsHyattsville, MD › Cloud Security & Compliance Specialist (15.43)

Cloud Security & Compliance Specialist (15.43)

OCT Consulting, LLC · Hyattsville, Maryland, United States · Posted Jun 4, 2026

Apply on company site   Track it in JobSkout

OCT Consulting is a business management and technology consulting firm that supports Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology.

OCT currently has an opening for a Cloud Security & Compliance Specialist to support a federal client. The specialist will support the ISSO/SSPO with cloud security operations, FedRAMP-related support activities, and information security compliance for cloud-hosted and modernized IT environments.

This position is contingent upon contract award .

Day-to-day responsibilities include:

Support client cloud migration efforts and IT modernization initiatives from an information security governance perspective, ensuring alignment with existing cloud architectures (AWS, Azure) and EPLC requirements.

Assist in cloud security operations including FedRAMP-related SA&A support, continuous monitoring, and maintaining security authorizations for cloud-hosted and FedRAMP-aligned systems.

Conduct vulnerability and compliance reporting: analyze scan results, identify critical/high vulnerabilities, and provide actionable remediation recommendations; submit monthly reports to the COR.

Support POA&M development, tracking, and monthly updates for cloud-hosted and contractor-hosted systems; ensure all findings are tracked and reflect current remediation status.

Assist with Security Assessment and Authorization (SA&A) package development and coordination including SSPs, RARs, POA&Ms, Contingency Plans, and E-Authentication assessments.

Support compliance with FedRAMP security control baselines, NIST SP 800-53, FISMA, OMB Circular A-130, and applicable agency cloud security policies.

Assist in reviewing and validating ISSO intranet content and security resources; prepare intranet content review reports.

Develop and maintain the Security Authorization Boundary Inventory & Strategy Report, assessing system inventory and recommending optimized authorization boundaries.

Participate in EPLC security reviews and IT acquisition security reviews related to cloud-based solutions and modernization efforts.

Prepare ad hoc technical support deliverables for cloud migration support, acquisition security reviews, and other RMF-related activities as requested.

Support development and maintenance of security training materials for client staff and stakeholders; assist with training delivery as needed.

Ensure HSPD-12/PIV requirements, FIPS 140-2 encryption standards, and CUI handling requirements are met across cloud-operated systems.

Maintain compliance with all agency security training requirements including annual Security Awareness Training (SAT) and role-based training (RBT).

Apply on company site