Federal Compliance, Security Technical Program Manager

Core Weave-posted about 2 months ago
Full-time • Mid Level
Hybrid • San Francisco, CA
501-1,000 employees
Professional, Scientific, and Technical Services
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

The CISO organization is responsible for executing and delivering CoreWeave's security, trust and assurance across its products, platforms, processes, and tools. The STA Federal Security Compliance team is building the foundation to align our larger GRC environment to federal cybersecurity requirements. As a Federal Security Compliance TPM, you will be a founding member of this newly created team, leading the charge to establish the governance program around USG federal regulations for the CoreWeave product suite. About the Role: This is a highly technical, hands-on leadership role. You will combine deep engineering skills with a comprehensive understanding of GRC principles to build out our compliance practices and work with our engineers to identify the correct, compliance solution. Your work will directly impact CoreWeave's ability to achieve certification, strengthen customer trust, and enable secure growth across all products and environments.

  • Own Agency‑ATO for FedRAMP High: Drive end‑to‑end authorization activities (plan, assess, authorize), including SSP, SAP, SAR, POA&M, Significant Change Requests, and audit‑ready evidence; coordinate with the agency AO and 3PAO through initial and annual assessments and package maintenance.
  • Run ConMon like a program: Lead monthly/quarterly/annual deliverables, vuln/patch SLAs, scan quality, inventory integrity, control effectiveness reviews, and multi‑agency collaboration mechanics.
  • Bridge compliance engineering: Translate NIST SP 800‑53 Rev. 5 / RMF / ISCM requirements into user stories, backlog items, and technical designs (logging/monitoring, IR, boundary definitions, inheritance, least privilege) in daily partnership with product engineering, security engineering, and operations.
  • Scale with automation (OSCAL strongly preferred): Use or help mature OSCAL artifacts/validation to streamline evidence and package updates; ensure documentation stays synchronized with deployed configurations.
  • Prepare for DoD IL5: Advise on Cloud SRG/SCCA/FedRAMP+ implications, boundary patterns, and inherited controls for IL4/IL5.
  • Support AI‑related governance (nice to have): Help product/security teams align AI features with NIST AI RMF and relevant OMB policy (e.g., M‑25‑21) without owning the enterprise AI program.
  • Deal support (as needed): Answer security questionnaires, map inherited controls, and guide reuse/leveraging conversations with agencies and DIB contractors.
  • 6+ years in cybersecurity/audit/compliance, including 4+ years directly in federal security programs (FedRAMP High/Moderate or NIST RMF) with hands‑on authorship of SSP/POA&M and coordination of assessments/3PAO.
  • Demonstrated experience running FedRAMP ConMon (monthly/quarterly/annual) and managing significant changes with agencies.
  • Strong working knowledge of NIST SP 800‑53 Rev. 5, SP 800‑37 (RMF), and SP 800‑137 (ISCM); able to map controls to real architectures and dev/ops workflows.
  • Multi‑cloud background (AWS GovCloud, Azure Government, Google Public Sector, or equivalent public/commercial regions) and comfort discussing shared responsibility/inheritance.
  • Certifications: CISSP or CISA (required).
  • Proven ability to work with engineers and translate compliance to technical speak, from control interpretation to actionable design and test criteria.
  • OSCAL content and validation pipeline experience (e.g., maintaining OSCAL‑based SSP/SAP/SAR/POA&M).
  • Prior work moving/sustaining federal workloads toward DoD IL5 (Cloud SRG, SCCA, FedRAMP+).
  • Kubernetes experience (EKS/AKS/GKE or on‑prem), container security (image signing, SBOMs, admission control, runtime policy).
  • Familiarity with NIST AI RMF and OMB M‑25‑21.
  • Additional certifications: CISM, CMMC RP (preferred) or equivalent (in addition to CISSP/CISA requirement).
  • Medical, dental, and vision insurance - 100% paid for by CoreWeave
  • Company-paid Life Insurance
  • Voluntary supplemental life insurance
  • Short and long-term disability insurance
  • Flexible Spending Account
  • Health Savings Account
  • Tuition Reimbursement
  • Ability to Participate in Employee Stock Purchase Program (ESPP)
  • Mental Wellness Benefits through Spring Health
  • Family-Forming support provided by Carrot
  • Paid Parental Leave
  • Flexible, full-service childcare support with Kinside
  • 401(k) with a generous employer match
  • Flexible PTO
  • Catered lunch each day in our office and data center locations
  • A casual work environment
  • A work culture focused on innovative disruption
Track Jobs with Teal

Job Search Resources

Resume Builder
Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service