About The Position

C2 Labs is seeking an experienced FedRAMP SME to serve as a quality gate and advisor for our authorization acceleration and ConMon managed service work (FedRAMP 20X primary, with legacy Rev. 5 support as needed). This is an ideal role for a seasoned FedRAMP practitioner who enjoys coaching teams and improving deliverable quality.

Engagement Details

  • 1099 independent contractor (initial engagement); review-based cadence with surge capacity for major milestones.
  • Remote-first; occasional on-site support only if requested for workshops/assessments (rare).
  • No clearance required; must be able to pass a standard background check and sign NDA/SOW.
  • Flexible hours; responsive review turnaround is important.

Requirements

  • 8+ years of experience delivering FedRAMP authorizations and/or ConMon (CSP, assessor/3PAO, advisory, or agency sponsor).
  • CISSP, CISM, or similar security certification.
  • Deep knowledge of NIST 800-53 control intent, evidence expectations, and how to translate implementation into defensible narratives.
  • Strong technical editing and QA mindset; can turn complex feedback into clear, prioritized actions.
  • Comfort engaging with senior customer stakeholders, assessors, and GRC/engineering teams.
  • Ability to work independently and provide timely review cycles within delivery timelines.

Nice To Haves

  • Bachelor's degree in IT, Cybersecurity, or related field.
  • Hands-on experience with FedRAMP 20X concepts (KSIs, pass/fail criteria, persistent validation cycles).
  • CISSP, CISM, or similar security certifications.
  • Experience with OSCAL and/or GRC automation platforms (RegScale preferred).
  • Experience supporting Azure Government or other government cloud environments.

Responsibilities

  • QA and redline FedRAMP deliverables (20X KSI summaries and/or legacy SSP/policies/plans).
  • Validate evidence traceability and readiness prior to assessor/sponsor interactions.
  • Coach writers/consultants on FedRAMP documentation and common review pitfalls.
  • Help define internal quality standards and “definition of done” checklists.