Senior Government Product Security Analyst
San Mateo, CA, USA
There is only one Data Cloud. Snowflake’s founders started from scratch and designed a data platform built for the cloud that is effective, affordable, and accessible to all data users. But it didn’t stop there. They engineered Snowflake to power the Data Cloud, where thousands of organizations unlock the value of their data with near-unlimited scale, concurrency, and performance. This is our vision: a world with endless insights to tackle the challenges and opportunities of today and reveal the possibilities of tomorrow.
Senior Government Product Security Analyst will work across functional teams including Snowflake Engineering, IT, HR, Legal, and Internal Audit to ensure government product security control requirements are implemented and monitored to satisfy FedRAMP Moderate, FedRAMP High, FedRAMP+ IL4, FedRAMP+ IL5, ITAR, IRAP, CJIS, IRS 1075, as well as European, Asian, and other government compliance frameworks. The candidate will also interface with government customers and third-party assessment organizations during assessments.
The successful candidate will already have several years of technical experience working in a FedRAMP authorized cloud software company or with a Third-Party Assessment Organization (3PAO) assessing CSPs at various impact levels/system categorizations. The candidate will have already seen and been a part of solutions to address the FedRAMP High, IL4, and IL5 control implementations.
TASKS & RESPONSIBILITIES:
- Review and determine applicability of requirements of government compliance frameworks and agencies
- Collaborate with cross-functional teams to determine appropriate controls to meet the requirements
- Support Governance, Risk, and Compliance continuous monitoring program surrounding FedRAMP and IRAP controls
- Assess and gather evidence to support adherence to compliance requirements as it relates to NIST 800-53 Rev. 4, FedRAMP Overlay, and the IRAP Information Security Manual (ISM).
- Review and identify FedRAMP and IRAP controls to communicate control requirements to internal stakeholders
- Support FedRAMP (Moderate, High, IL4, IL5) and IRAP assessments to communicate Snowflake’s security posture and ensure proper scoping
- Assist in evidence gathering and control monitoring of government compliance audits
- Validate on-going compliance of policies and procedures in support of requirements
- Work with our Security Team to improve policy and procedure documentation
- Follow up with internal stakeholders to ensure completion of security-related tasks and controls
- Conduct monthly, quarterly and annual reviews of security controls including Plan of Actions & Milestones (POA&M) and vulnerability scanning.
- Ensure relevant stakeholders within Engineering understand their responsibilities in support of the Policies
- Ensure stakeholders have developed and are maintaining appropriate Procedure documentation to support the Policies
REQUIRED EXPERIENCE & SKILLS:
- Work Experience
- Must have exceptional, years-long relationship with FedRAMP PMO
- Minimum of 7 years prior responsibility for managing security compliance audits of cloud environments (AWS, Azure, and GCP) or assessing cloud environments against FedRAMP, ITAR, and IRAP controls.
- Confidently assessed and communicated risk based on business objectives
- Track record of successfully improving controls, policies, and procedures to meet security requirements
- Technical and Interpersonal Skills
- Technical understanding of AWS GovCloud, Azure Government, or GCP cloud platforms, including how components and services are used and secured against FedRAMP, ITAR, and IRAP controls.
- Technical Audit of Government production systems
- Comfortable with JIRA
- Natural curiosity and interest in solving complex problems
- Superior written and verbal communication skills - including presentation skills
- Exceptionally organized
- Preferred Experience & Skills
- Expertise in FedRAMP, ITAR, and IRAP security control requirements (NIST 800-53, etc.)
- Service Delivery or Audit background (IT, Engineering, Security) with referenceable “customers”
Snowflake is growing fast, and we’re scaling our team to help enable and accelerate our growth. We are looking for people who share our values, challenge ordinary thinking, and push the pace of innovation while building a future for themselves and Snowflake.
How do you want to make your impact?