Careers at L&C
Unlock your potential at Landers and Company
Join Us!
We’re always looking for talented experts to join us in delivering expert advisory services to our clients.
L&C team members have a range of both deep and broad expertise in the cybersecurity compliance industry, with a specific focus on risk assessment, information security, and continuous monitoring for the federal government and Cloud Service Providers (CSPs). If you love partnering with clients to strengthen their security programs and to advise them through the FedRAMP process, check out our opportunities below. We’re always looking for new talent to join our growing team.
Role: Security Consultant – Principal & Senior
Provides expert guidance to L&C customers seeking to design, build, architect, implement, and maintain a cloud service offering (CSO) in accordance with the Federal Information Security Management Act (FISMA), Office of Management and Budget (OMB), National Institute of Standards and Technology (NIST) 800 series publications, Federal Information Processing Standards (FIPS) Publications, and Department of Defense (DoD) Cloud Computing (CC) Security Requirements Guide (SRG) compliance requirements.
Responsibilities
- Oversee and provide expert guidance to L&C customers seeking to design, build, architect, implement, and maintain a cloud service offering (CSO) in accordance with the Federal Information Security Management Act (FISMA), Office of Management and Budget (OMB), National Institute of Standards and Technology (NIST) 800 series publications, Federal Information Processing Standards (FIPS) Publications, and Department of Defense (DoD) Cloud Computing (CC) Security Requirements Guide (SRG) compliance requirements.
- Develop, document, and perform quality control reviews of the following key FedRAMP authorization package documentation:
  - System Security Plan (SSP)
  - Federal Information Processing Standards (FIPS) 199 Security Categorization
  - Digital Identity Worksheet
  - System Security Policies and Procedures
  - Privacy Threshold Analysis (PTA) and Privacy Impact Analysis (PIA)
  - Rules of Behavior (RoB)
  - Information System Contingency Plan (ISCP)
  - Configuration Management Plan (CMP)
  - Incident Response Plan (IRP)
  - Control Implementation Summary (CIS) Worksheet
  - Customer Responsibility Matrix (CRM) Worksheet
  - Separation of Duties (SoD) Matrix
  - Related Acronyms
  - Specific Laws and Regulations
  - Supply Chain Risk Management Plan
  - Continuous Monitoring Plan
Qualifications
- Minimum of 5 years of relevant NIST, FISMA, and/or FedRAMP consulting experience with a primary focus on IT security policies, security architecture and design, and the core authorization package documentation listed above, or 3 years of minimum experience in an information security or information assurance role and a minimum of 2 years of direct experience with FedRAMP assessment and advisory services in accordance with NIST SP 800-37 and FedRAMP guidance.
- Thorough knowledge and working experience in the technical security assessment and design of cloud-based systems and network infrastructures.
- In-depth knowledge of standard methodologies used in the FedRAMP and DoD FedRAMP+ authorization process, including all relevant NIST SPs, FIPS Publications, DoD SRGs, and other applicable Federal laws, regulations, and executive orders.
- Must have extensive experience in NIST guidance and industry best practices for: Risk Assessment and Management, Vulnerability Analysis, Contingency Planning/Disaster Recovery, Configuration Management, Security Assessments, and Incident Response.
- Must have experience conducting technical security assessments and providing advisory support for the development of complex information systems with minimal to no supervision.
Certifications (Two or More Preferred):
- International Information System Security Certification Consortium (ISC)2
  - Certified Information Systems Security Professional (CISSP)
  - Certified Authorization Professional (CAP)
  - Systems Security Certified Practitioner (SSCP)
  - Certified Cloud Security Professional (CCSP)
- Information System Audit and Control Association (ISACA)
  - Certified Information Security Manager (CISM)
  - Certified Information Systems Auditor (CISA)
  - Certified in Risk and Information Systems Control (CRISC)
  - Cybersecurity Practitioner Certification (CSX-P)
- Computing Technology Industry Association (CompTIA)
  - Security+
  - Cloud+
  - Cloud Essentials+
  - CompTIA Advanced Security Practitioner (CASP+)
- Global Information Assurance Certification (GIAC)
  - Security Expert (GSE)
  - Cloud Security Automation (GCSA)
  - Systems and Network Auditor (GSNA)
  - Foundational Cybersecurity Technologies (GFACT)
  - Cloud Security Essentials (GCLD)
  - Security Essentials (GSEC)
  - Cloud Penetration Tester (GCPN)
  - Security Leadership (GSLC)
  - Public Cloud Security (GPCS)
  - Information Security Fundamentals (GISF)
- Microsoft Azure
  - Azure Security Engineer Associate
  - Azure Fundamentals
  - Azure Solutions Architect Expert
- Amazon Web Services (AWS)
  - Solutions Architect
  - DevOps Engineer
  - Cloud Practitioner
  - Security – Specialty
  - Security Essentials
- Vulnerability Scanning Vendor-Specific Training/Certifications (Tenable, Qualys, BurpSuite, Saint, etc.)
Role: Senior Compliance Analyst
Performs FedRAMP, DoD, and StateRAMP continuous monitoring activities in support of Cloud Service Providers (CSPs), in accordance with the FedRAMP Continuous Monitoring Strategy Guide, FedRAMP Continuous Monitoring Performance Management Guide, and any other applicable guidance or requirements.
Responsibilities
Advisory Services:
- Work directly with CSPs to provide advisory services throughout their FedRAMP authorization journey
- Meet with clients to assess needs and gaps, and to provide guidance on any system or process changes that will be required in order to achieve and maintain FedRAMP authorization
- Partner with CSP clients prior to initial authorization to develop a Continuous Monitoring plan to be ready prior to the initial assessment
- Advise clients on remediation planning as needed in response to vulnerability scanning and analysis
- Develop mitigation strategies in response to security alerts and advisories, in partnership with CSP clients
Data Collection & Analysis:
- Perform and analyze vulnerability scans in accordance with the FedRAMP Vulnerability Scanning Requirements Guide
- Monitor and track remediation activities to ensure CSP compliance with the FedRAMP Continuous Monitoring Performance Management Guide
- Evaluate vulnerabilities for applicability, risk adjustments, false positives, vendor dependencies, and operational requirements
- Collect evidence for operational requirements and false positives
- Conduct ongoing security control monitoring
- Support clients with fulfilling the requirement to scan for DoD STIGs on a monthly basis
Documentation:
- Develop and maintain FedRAMP Plans of Action and Milestones (POA&Ms) for assigned client CSPs/CSOs
- Document security control and vulnerability scanning-related weaknesses on an at least monthly basis
- Produce monthly ConMon reporting for client CSPs/CSOs, including: Executive ConMon Summary, Vulnerability Scans, System Inventory, and Deviation Requests when needed
- Document justifications for all deviations including risk adjustments
Qualifications/Your Background
- 5+ years of direct continuous monitoring and vulnerability management experience on enterprise products or in a large enterprise environment
- Experience in program or project management, auditing, and/or control framework development and implementation
- Experience in compliance management activities, including policy, procedure, and standards documentation
- Proven ability to work and effectively prioritize in a highly dynamic work environment
- Professional certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) preferred
- Strong understanding of industry-standard compliance frameworks and cybersecurity best practices
- Prior exposure to and familiarity with FISMA, FedRAMP, FedRAMP+, and/or StateRAMP requirements for CSPs providing cloud-based offerings to the Federal government