Compliance & Policy Analyst Agentic AI

Peraton Labs is seeking a Compliance & Policy Analyst to help establish maintain and mature the written compliance posture of our Agentic AI platform environment. This individual will play a critical role in ensuring our documented security and compliance artifacts accurately reflect the infrastructure controls and operational realities of the platform.

This role will own the development and maintenance of core compliance documentation including System Security Plans (SSPs) supporting policies and standard operating procedures POA&M management and audit evidence coordination. The ideal candidate is highly detail-oriented strong in policy and control documentation and comfortable working closely with platform and security engineers to translate technical implementation into clear auditor-ready language.

This is a high-trust role at the intersection of compliance policy and platform execution. The right candidate will serve as the connective tissue between what is written what is required and what is actually built and operated.

Key responsibilities may include but are not limited to:

• Own and maintain the written compliance posture of the Agentic AI platform
• Author update and evolve System Security Plans (SSPs) and related compliance artifacts in support of ATO and broader assessment efforts
• Develop additional SSPs and associated documentation required to support expanding authorization needs
• Build organize and maintain a comprehensive security policy and SOP library aligned to relevant control frameworks
• Manage POA&Ms including documenting gaps tracking remediation progress and maintaining visibility into open items
• Coordinate and run evidence collection cycles in support of internal reviews external assessments and audit activities
• Serve as the primary compliance point of contact for internal auditors external assessors and compliance stakeholders
• Partner closely with platform cloud and security engineers to validate that documented control narratives accurately reflect implemented infrastructure and operational practices
• Review architecture diagrams infrastructure-as-code technical diagrams and engineering documentation to ensure compliance materials remain accurate and defensible
• Help ensure consistency traceability and quality across all compliance documentation and supporting artifacts
• Identify documentation gaps policy inconsistencies or control narrative issues early and drive them to resolution
• Support the maturation of repeatable compliance processes that strengthen audit readiness over time

Required Qualifications

• Minimum of BS with 5 years of experience MS/PhD with 3 years of experience in security compliance GRC cybersecurity policy or related compliance-focused roles
• Deep hands-on experience authoring and maintaining System Security Plans (SSPs) aligned to NIST 800-171 and NIST 800-53
• Demonstrated experience supporting systems through ATO efforts formal security assessments and/or CMMC readiness activities
• Experience managing POA&Ms coordination remediation tracking and running structured evidence collection cycles
• Strong background serving as a primary point of contact for auditors assessors and compliance stakeholders
• Proven ability to build and maintain policy libraries standards and SOPs aligned to a formal control framework
• Ability to read and interpret architecture diagrams infrastructure-as-code and technical documentation well enough to validate that control narratives reflect implemented reality
• Working knowledge of AWS and cloud-native environments including concepts such as EKS IAM logging encryption and cloud security controls
• Exceptional attention to detail with the ability to identify vague conflicting or incomplete documentation and drive clarity
• Strong written communication skills with the ability to translate technical implementation into concise auditor-ready language
• US Citizenship is required for this position

Desired Qualifications

• Experience supporting CMMC Level 2 preparation assessment or sustainment activities
• Background contributing to FedRAMP or DoD ATO packages
• Experience working in highly technical cloud or platform environments where security controls must be mapped directly to operational systems
• Familiarity with evidence management control traceability and structured documentation practices in regulated environments
• Experience collaborating closely with cloud DevSecOps or platform engineering teams
• Ability to operate effectively in an environment where compliance maturity is actively being built and refined

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the worlds leading mission capability integrator and transformative enterprise IT provider we deliver trusted highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land sea space air and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the cant be done by solving the most daunting challenges facing our customers. Visit to learn how were keeping people around the world safe and secure.