FedRAMP Analyst

Key Responsibilities

• Execute the monthly FedRAMP CONMON calendar and ensure timely completion of all required artifacts and submissions.
• Own monthly vulnerability remediation tracking: intake scan outputs open/track remediation tickets validate closure evidence and ensure SLA adherence (e.g. 30/90/180-day timelines).
• Maintain and update the Plan of Action and Milestones (POA&M): create/update POA&M items document milestones track due dates coordinate risk statements with Legal and route for approvals.
• Generate and maintain monthly inventory and configuration evidence (e.g. Integrated Inventory Workbook/IIW updates authorized software evidence baseline/config drift support).
• Prepare monthly CONMON reporting packages including Monthly Security Status Reports CONMON Executive Summary inputs deviation requests and other stakeholder reports required by the Sponsoring Agency FedRAMP PMO or Authorizing Official.
• Prepare deviation and exception requests: gather technical justification compensating control documentation scope/impact statements and route through required approvals.
• Support continuous monitoring governance activities: access review evidence log/monitoring review evidence and coordination of corrective actions with Engineering and Security & IT.
• Maintain the CONMON and ATO artifact repository in Google Drive (or designated system): version control naming conventions evidence indexing and audit-ready structure.
• Support annual security testing activities (e.g. penetration tests red-team exercises if applicable IR/ISCP tabletop exercises) by tracking schedules collecting artifacts and documenting remediation status.
• Support annual 3PAO assessment coordination: evidence collection interview scheduling assessor Q&A tracking and findings remediation tracking in partnership with the VP Federal Operations.
• Support significant change workflows: help determine compliance impact document change narratives update SSP appendices as required and maintain change evidence for CONMON.
• Track training compliance for federal systems (Rules of Behavior acknowledgements required awareness training completion) in coordination with People Ops and Security & IT.
• Serve as a primary day-to-day point of contact for internal stakeholders for FedRAMP evidence requests and compliance status updates; escalate risks and blockers to the VP Federal Operations.

Skills Knowledge and Expertise

• 3 years of experience in cybersecurity compliance GRC or operating regulated cloud environments (FedRAMP DoD IL CJIS HIPAA PCI ISO 27001/42001 or similar).
• Demonstrated experience executing continuous monitoring or recurring compliance reporting programs (monthly cadence preferred).
• Working knowledge of NIST 800-53 and FedRAMP concepts (POA&M management SSP/ATO artifact structure assessment evidence expectations).
• Experience coordinating vulnerability remediation tracking and translating technical findings into compliance artifacts (tickets evidence milestones risk language).
• Strong project management and organizational skills; ability to manage multiple deadlines and stakeholder inputs.
• Excellent communication skills for producing audit-ready narratives status reports and executive summaries.
• Comfort working with technical teams (Engineering Security) to obtain evidence and validate remediation outcomes.
• Experience using common tooling for evidence and workflow tracking (Google Drive Jira/Linear spreadsheets ticketing systems).
• Ability to manage confidential and sensitive cybersecurity information.
• Candidates must be able to meet government security clearance requirements as required for this role.

• Direct experience supporting a FedRAMP Moderate/High authorization annual 3PAO assessment or agency ATO process.
• Experience with SecondFront/Game Warden or other FedRAMP-adjacent platforms and inherited-control models.
• Familiarity with vulnerability scanning SIEM/log review concepts and secure SDLC evidence (SAST/DAST threat modeling).
• Experience with evidence automation or compliance engineering approaches (repeatable evidence packets templates control mapping).
• Relevant certifications (e.g. Security SSCP CISSP Associate CAP CISA PMP).

Benefits

• Medical Dental Vision STD and LTD Plans
• FSA - Medical and Dependent Care
• EAP and wellness programs
• 13 Paid Holidays
• Unlimited PTO
• Flexible work environment - 100% remote
• 401(k) plan