Sr. Security Manager, Public Sector

About The Position

Requirements

• Basic BA or BS degree or equivalent work experience
• 8+ years of experience with security controls and compliance related to NIST and FedRAMP
• Experience with risk management frameworks, including risk ratings and the ability to contextualize data based on risk (e.g., utilizing CVSS, CVE, NVD, NIST, DOD SRG)
• Experience automating audit evidence collection across security and compliance frameworks (e.g., FedRAMP, NIST 800-53)
• Experience with compliance and assessment of cloud native platforms and services (Data warehouse, Service Mesh, Container Images and Microservices Orchestration)
• DoD 8140 or 8570 baseline certification (e.g., Sec +, CISSP, CISM, or CASP+)
• Must be able to pass a Public Trust or Tier 3 Background Investigation
• Experience with NIST SP 800-53 and the Risk Management Process
• Experience leading through influence, building trust with stakeholders across a remote, global organization

Nice To Haves

• Experience creating and utilizing reports from security monitoring tools such as Tenable, Sysdig, Splunk, Windows Defender, Sentinel Log Analytics (or similar) products or capabilities
• Experience driving Audit ready requirements for CNSSI 1253, and the DoD Cloud Computing SRG 3PAO Assessments and Authorizations
• Proven track record in rapid-growth, dynamic cloud enterprise environments alongside expertise in Xacta or eMASS, and familiarity with frameworks such as The International Traffic in Arms Regulations (ITAR) or TexRAMP
• Experience navigating the OSCAL FedRAMP modernization initiative, NIST AI standards, and the implementation of AI Guardrails

Responsibilities

• Drive the full lifecycle from system categorization to receiving formal ATO for Federal and DoD information systems
• Develop and maintain Assessment and Authorization artifacts including the System Security Plan (SSP), Security Assessment Plan (SAP), and all Appendix Plans
• Ensure all ATO package deliverables are audit-ready and align with NIST FedRAMP Special Publications, CNSSI 1253 and the DoD Cloud SRG
• Lead mature security reviews across core products, microservices, and native cloud environments with high-fidelity artifacts and evidence
• Maintain and help mature the risk management process using NIST 800-30 or 37 to ensure compliance and proactive risk reduction
• Improve risk visibility by integrating data from multiple manual or automated assessments and internal audits
• Develop playbooks and procedures to support technical teams in executing compliance initiatives
• Present risk in context-regulatory, business, or cybersecurity to ensure alignment with Executive Leadership guidance
• Maintain and deliver timely Continuous Monitoring (ConMon) and remediation strategies
• Collaborate with security teams to operationalize new capabilities that support risk reduction and remediation actions
• Work with Prod or Dev, Sec Architecture, and Infrastructure teams to mitigate systemic vulnerabilities and operationalize known security gaps
• Drive the remediation of vulnerabilities, ensuring the Plan of Action and Milestones (POA and M) is accurate and reported monthly
• Implement mandatory actions from CISA Emergency Directives and DoD IAVM alerts
• Drive strategic collaboration and product enablement to ensure timely internal security reviews of new products and features prior to deployment
• Partner with product and infrastructure teams to align workstreams and assess security solutions for US public sector requirements
• Serve as the lead for responding to complex customer security questionnaires and providing guidance for FedRAMP, StateRAMP, and DoD SRG milestones
• Join high-level briefings to explain security posture and compliance inheritance to prospective Government clients

Benefits

• Bonus: Sales personnel are eligible for variable incentive pay dependent on their achievement of pre-established sales goals. Non-Sales roles are eligible for a company bonus plan, which is calculated as a percentage of eligible wages and dependent on company performance.
• Stock: This role is eligible to receive Restricted Stock Units (RSUs).
• Global benefits provide options for the following: Paid Time Off: earned time off, as well as paid company holidays based on region
• Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement
• Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment
• Retirement Plans: select retirement and pension programs with potential for employer contributions
• Learning and Development: options for coaching, online courses and education reimbursements
• Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events