Consultant - FedRAMP Security & Compliance - REF8902
About Creative Software
Founded in 1999, Creative Software is a global technology enabler and pioneer in Sri Lanka’s tech industry. We manage teams of high-performing, dedicated software engineers for our global clientele, providing them with end-to-end software development and maintenance services through team augmentation.
Embark on a Creative career that offers a dynamic work environment, competitive intern allowance, and room for personal and professional growth. Be part of a community of professionals, contributing to an inclusive culture that provides you with valuable local and global exposure. At Creative, we offer a variety of spaces that support work-life balance and integrate wellness into our workspace experience.
We are seeking an individual to support our software engineering team in designing, developing, and deploying cloud services that meet FedRAMP security requirements. This role is advisory and hands-on, focused on embedding security and compliance into cloud-native architectures from the outset of the software development lifecycle. The consultant will act as a subject-matter expert, guiding the engineering team on the implementation and ongoing adherence to the FedRAMP control baseline to enable the development of cloud services that process federal data or are intended for use by federal agencies.
Responsibilities
• Guide the software engineering team on integrating FedRAMP security and privacy controls into cloud services during design, development, and deployment.
• Provide awareness, training, and practical guidance on FedRAMP concepts, requirements, and best practices to technical and non-technical stakeholders.
• Interpret the FedRAMP control catalog (e.g. based on NIST SP 800-53) and translate requirements into actionable technical and procedural controls.
• Advise on secure cloud architectures, CI/CD pipelines, infrastructure-as-code, and automation aligned with FedRAMP expectations.
• Collaborate with the team to ensure continuous compliance throughout the development lifecycle.
• Identify gaps and improvement opportunities related to FedRAMP compliance and recommend remediation strategies.
• Stay current with FedRAMP guidance, updates, and evolving federal cloud security requirements.
Qualifications
• Proven experience with FedRAMP compliance, assessments, or authorization processes.
• Strong understanding of cloud security principles and architectures (e.g. Azure, AWS, Google).
• Experience working with software development teams in agile or cloud-native environments.
• Working knowledge of NIST SP 800-53 security controls and their application in cloud systems.
• Ability to translate regulatory and compliance requirements into practical technical guidance.
• Strong communication skills with the ability to explain complex security concepts to diverse audiences.
Preferred
• Experience supporting FedRAMP Moderate or High impact level systems.
• Experience working with or supporting software solutions for U.S. federal agencies.
• Relevant certifications (e.g. CISSP, CISM, CCSP, AWS/Azure security certifications).
