Security Authorization Specialist
Second Front Systems
National Security
DC/Maryland/Virginia; Raleigh/Durham/Chapel Hill, NC; Denver/Colorado Springs, CO; Dallas/Fort Worth, TX
Full-Time
Middle
Salary: 119000 - 160000 USD per year
Job Details
- Experience: 5+ years
- Required Skills: AWS, Python, SQL, Bash, Kubernetes, CI/CD, RESTful APIs, Terraform
Requirements
- 5+ years of experience in security compliance, authorization, or GRC work, with hands-on FedRAMP experience
- Demonstrated success authoring and maintaining SSPs, POA&Ms, control narratives, and continuous monitoring artifacts for US federal authorization programs
- Strong working knowledge of NIST 800-53, NIST 800-37 (RMF), and FedRAMP-specific guidance and templates
- Practical understanding of modern cloud architectures and how common cloud-native patterns (AWS services, containers, Kubernetes, CI/CD) map to technical controls
- Experience supporting 3PAO assessments, annual reviews, or agency ATO efforts from a vendor or integrator side
- Excellent written communication; able to produce assessor-ready documentation and control language
- Active U.S. Top Secret (TS) security clearance required; eligibility for access to Sensitive Compartmented Information (SCI) required
- Active professional security certification such as CISSP, CISM, or Security+
- Experience with DoD IL4/IL5 authorizations, DISA SRG, or agency-specific ATO processes (Preferred)
- Familiarity with additional frameworks such as NIST 800-171, CMMC, ISO 27001, or NCSC cloud security principles (Preferred)
- Hands-on experience with GRC and evidence automation platforms (e.g., Drata, Xacta, or similar) (Preferred)
- Exposure to infrastructure-as-code, observability, and cloud-native tooling in support of continuous control evidence (e.g., Terraform, AWS Config) (Preferred)
- Prior experience working in cleared or classified environments and with government authorization stakeholders (Preferred)
Responsibilities
- Own the authorization workstreams for Game Warden across FedRAMP and US agency ATO packages, including initial authorizations, annual assessments, and significant change requests
- Author and maintain System Security Plans (SSPs), control implementation narratives, Plans of Action & Milestones (POA&Ms), and supporting authorization artifacts
- Drive continuous monitoring activities including monthly POA&M updates, vulnerability and patch reporting, significant change reviews, and annual control assessments
- Serve as a technical point of contact for 3PAOs, agency reviewers, and sponsor authorization officials during assessments, readiness reviews, and audits
- Partner closely with Product, Engineering, Security Operations, and Cybersecurity Assessment teams to map technical controls to FedRAMP and NIST 800-53 requirements
- Translate complex regulatory requirements into clear, actionable guidance that engineering teams can implement
- Use and help improve our GRC and evidence automation tooling to streamline control mapping, evidence collection, and continuous monitoring, writing basic scripts or queries (e.g., Python, Bash, SQL, simple API calls)
- Contribute to the evolution of 2F’s authorization processes, tooling, and evidence workflows as we scale our portfolio across frameworks and environments