Security Authorization Specialist

About The Position

Requirements

• 7+ years of experience in security compliance, cybersecurity authorization, or GRC work, with deep, hands-on experience driving FedRAMP Moderate/High or DoD Impact Level packages.
• Strong, practical working knowledge of NIST 800-53 (Rev 4/5), NIST 800-37 (RMF), and FedRAMP-specific guidance and templates.
• Solid understanding of modern cloud environments and how cloud-native patterns (AWS services, containers, Kubernetes, CI/CD pipelines) map to technical controls.
• Proven success supporting 3PAO assessments, annual reviews, or agency ATO efforts from the vendor or integrator side.
• Exceptional written communication skills; a proven ability to produce assessor-ready technical documentation and clear control narratives.
• Active U.S. Top Secret (TS) security clearance required; eligibility for access to Sensitive Compartmented Information (SCI) required.
• Active professional security certification such as CISSP, CISM, or Security+.

Nice To Haves

• Hands-on experience with DoD IL4/IL5 authorizations, DISA Cloud Computing SRG, or agency-specific ATO processes.
• Experience with modern GRC and evidence automation platforms (e.g., Drata, Xacta, RegScale, or similar), including configuring integrations and building reusable evidence workflows.
• Exposure to infrastructure-as-code (Terraform) and cloud-native observability tooling in support of automated, continuous control evidence.
• Prior experience working in cleared or classified environments with government authorization stakeholders, and a strong interest in matters of national security.

Responsibilities

• Lead Authorization Work streams: Independently drive the end-to-end authorization lifecycle for Game Warden across FedRAMP and US agency ATO packages, managing initial authorizations, annual assessments, and significant change requests.
• Artifact Ownership: Author, refine, and maintain high-quality System Security Plans (SSPs), control implementation narratives, Plans of Action & Milestones (POA&Ms), and supporting authorization artifacts. Ensure everything accurately reflects our modern cloud architecture, controls, and operating reality.
• Proactive Continuous Monitoring: Manage day-to-day continuous monitoring activities, including monthly POA&M updates, vulnerability and patch reporting, significant change reviews, and annual control assessments. Drive findings and control gaps to closure with engineering teams.
• Technical Point of Contact: Serve as the primary front-line technical point of contact for 3PAOs, agency reviewers, and sponsor authorization officials during assessments, readiness reviews, and audits.
• Engineering Partnership: Partner closely with Product, Engineering, Security Operations, and Cybersecurity Assessment teams to map complex cloud-native controls to FedRAMP and NIST 800-53 requirements, ensuring defensible evidence collection.
• Translate Policy to Tech: Act as a bridge between compliance and engineering. Translate dense regulatory requirements into clear, actionable, technical guidance that developers can actually implement.
• Leverage GRC Automation: Utilize and help optimize our GRC and evidence automation tooling to streamline control mapping and evidence collection. Write basic scripts or queries (e.g., Python, Bash, SQL, simple API calls) to automate repetitive compliance tasks and save the team time.
• Process Evolution: Contribute to the continuous improvement of 2F’s authorization processes, tooling, and evidence workflows as we scale our portfolio across frameworks and environments.

Benefits

• Competitive Salary
• 100% Healthcare, vision and dental coverage
• 401(k) + 3% company contribution
• Equity incentive plan
• Tech + office supplies stipend
• Annual professional development stipend
• Flexible paid time off + federal holidays off
• Parental leave
• Work from anywhere
• Referral Bonus