Field CISO

Knox Systems, New York, NY

About The Position

Knox runs the largest Federal managed cloud, building and operating secure cloud and AI environments that support the U.S. government’s most critical missions — from national security and public safety to essential public services. Our customers rely on Knox to deploy production systems that meet the highest standards for security, reliability, and compliance. Work at Knox is high-impact and purpose-driven: the problems we solve are high-stakes, the expectations are high, and the results are visible. Speed, rigor, and trust matter here, because the environments we secure cannot fail. Your contributions are visible, your expertise is relied upon, and the impact of your work is immediate and measurable. We operate at federal scale, securing some of the most sensitive government environments in the country, because the systems we build must perform without fail.

You are the technical expert on every customer call. When a prospect asks whether their Istio service mesh needs FIPS-hardened images, whether they can keep their Auth0 integration, or how to handle encryption in transit between pods in an EKS cluster, you are the person with the answer. This is a technical pre-sales and post-sales architecture role, not a sales role. You will conduct architecture reviews, walk customers through gap analysis findings, guide remediation efforts, and help engineering teams deploy into Knox's FedRAMP boundary. You work with cloud architects, DevOps leads, and CISOs at companies ranging from Series B startups to Fortune 500 enterprises that are bringing their SaaS products to federal and DoD markets.

Requirements

  • Cloud Infrastructure (AWS / Azure / GCP) — Deep understanding of cloud service authorization scoping. You must know which AWS services are FedRAMP authorized in commercial regions vs. GovCloud, when GovCloud is required (High/IL4) vs. when commercial regions suffice (Moderate), and how GCP Assured Workloads differs from the standard GCP model. Intelligently guide customers on topics related to network architecture, subnet design, cross-account connectivity, and multi-region strategies.
  • FedRAMP & NIST 800-53 Compliance Architecture — Working knowledge of FedRAMP Moderate, High, and DoD IL4/IL5 control baselines. You need to explain the difference between impact levels, map customer architectures to control families, understand ATO inheritance models, and speak fluently about the SSP and authorization package, POA&Ms, deviation rationales, and continuous monitoring requirements. You should understand FedRAMP Rev 5 and be tracking FedRAMP 20x developments.
  • Container Security & Software Supply Chain — FIPS-compliant container images: You will field questions about hardened base images from supply chain vendors, explain how software bill of materials (SBOM) scanning works, guide customers through CVE remediation workflows, and assist with image provenance and signing.
  • Kubernetes & Service Mesh — Working knowledge of EKS, AKS and GKE. You need hands-on experience with Kubernetes networking, pod security policies, and service mesh architectures (Istio, Linkerd, AWS App Mesh). The most common deep-dive question: how to achieve FIPS-validated mTLS for all pod-to-pod communication. You should understand sidecar injection, Helm chart management, and the security implications of different ingress controllers.
  • Infrastructure as Code & CI/CD — You must be comfortable reviewing Terraform, Pulumi, CloudFormation, or Ansible configurations and identifying NIST compliance gaps. You need to explain CI/CD best practices and compliant configurations, and help customers architect their deployment pipelines.
  • Identity & Access Management — Technical understanding of SAML and OIDC implementations. Assisting customers with integrating Okta, Azure AD, or agency-specific identity providers. You should understand CAC/PIV smartcard authentication for DoD customers, MFA enforcement, session management requirements, and how PAM solutions function.
  • Cryptography & Data Protection — You need practical knowledge of FIPS 140-2/3 validation, encryption in transit (TLS configuration, mTLS between services), encryption at rest (KMS key management, key rotation), and data isolation strategies for multi-tenant architectures (per-tenant encryption keys, crypto-shred on customer departure).
  • Due to the nature of our work with federal government clients and compliance with applicable regulations, this position requires U.S. citizenship. Candidates must be able to provide documentation verifying U.S. citizenship status as part of the background check process.
  • Any offer of employment is contingent upon the successful completion of all required pre-employment screenings, including a background check, in accordance with applicable laws and government contract requirements.

Nice To Haves

  • Third-party ecosystem knowledge — Which security, monitoring, and DevOps tools are FedRAMP authorized and at what levels. Knowing the authorized alternatives for common tools.
  • FedRAMP 20x awareness — The program is in pilot and evolving. Understanding real-time automated compliance reporting and how it differs from traditional annual audits positions you to advise customers on future-proofing.
  • Multi-cloud architecture — Some customers operate across AWS and GCP, or Azure and AWS. Experience architecting cross-cloud connectivity while maintaining FedRAMP boundary integrity.
  • 3PAO assessment experience — Familiarity with the audit process from a 3PAO. Understanding what auditors expect helps you prepare customers proactively.
  • DoD IL4/IL5 specific requirements — Understanding the additional data isolation and access restrictions that apply at impact levels beyond FedRAMP High and DISA IL-4.
  • Federal go-to-market context — Not selling, but understanding how agencies evaluate and procure software, how the FedRAMP Marketplace works, and what agency risk acceptance processes look like.

Responsibilities

  • Architecture Reviews — Evaluate customer infrastructure diagrams, data flows, and network topologies against FedRAMP requirements. Identify red flags.
  • Gap Analysis Walkthroughs — Present scanning results (NIST 800-53 gaps, vulnerability scans, DAST/pen test, IaC scans) to customer engineering teams. Translate findings into actionable remediation steps.
  • Remediation Guidance — Help customers work through all findings: replacing non-authorized third-party services, hardening container images, enabling encryption in transit, configuring identity federation, and tightening policies.
  • Sub-Processor Assessment — Evaluate whether a customer's third-party tools (monitoring, logging, CDN, auth, ITSM) are FedRAMP authorized or not.
  • Deployment Planning — Guide customers through deploying into Knox's cloud: CI/CD pipeline configuration, secrets management, service mesh configuration, and database migration.
  • Compliance Translation — Bridge the gap between FedRAMP control language and engineering implementation. Explain what NIST 800-53 controls mean in terms of Terraform configs, Kubernetes manifests, CI/CD pipelines, and cloud configuration across AWS, Azure, and GCP.
  • Ongoing Technical Support — Help customers interpret scan results, develop deviation rationales for findings that can't be directly remediated, and plan architecture changes that maintain compliance.

Benefits

  • Knox offers a competitive employee benefits package including Medical, Dental, Vision, Life & Disability, unlimited PTO, and an employee-funded 401k plan. Please note, benefits are subject to change.
  • We are an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, veteran status, or any other legally protected status.
© 2024 Teal Labs, Inc