Senior Compliance Operations Engineer - Public Sector

About The Position

Requirements

• 7+ years of hands-on experience in cloud security engineering, compliance operations, or GRC roles, with at least 4+ years directly supporting FedRAMP Moderate/High and DoD IL4/IL5 authorizations.
• In-depth expertise in NIST SP 800-53 Rev. 5, FedRAMP baselines (especially High), DoD Cloud SRG, and associated control overlays for IL5.
• Proven track record implementing and operating continuous monitoring in production FedRAMP and DoD IL4/IL5 environments, including vulnerability management, configuration compliance, and audit evidence generation.
• Experience with DoD-specific tools/processes (e.g., eMASS, ACAS, HBSS, STIGs).
• Experience with DoD BCAP architecture and configuration.
• Strong experience with cloud platforms in government spaces (AWS GovCloud, Azure Government, Google Cloud for Government, or equivalent) and associated security services.
• Proficiency in automation/scripting (Python, Bash, PowerShell) and Infrastructure as Code (Terraform, Ansible, Puppet/Chef preferred).
• Familiarity with tools for compliance automation and scanning (e.g., Chef InSpec, OpenSCAP, Qualys, Tenable, AWS-native tools, Azure Security Center).
• U.S. Citizenship required (due to handling of CUI and potential access to controlled environments).
• Knowledge of additional frameworks that overlap with FedRAMP/DoD (e.g., CMMC, NIST 800-171/172, FISMA).
• Candidates must meet EAR part 772 and ITAR 120.15 definition of a U.S. person (Any individual who is granted U.S. citizenship; or any individual who is granted U.S. permanent residence (green card holder); or any individual who is granted status as a "protected person") and that t hey re side in the contiguous United States.

Nice To Haves

• Ability to obtain and maintain a U.S. Secret or higher security clearance (active clearance strongly preferred).
• Active security certifications such as CISSP, CCSP, CISM, AWS/GCP/Azure Security Specialty, or DoD 8570/8140 IAT Level III / IAM Level III.

Responsibilities

• Document security controls and architectures that satisfy FedRAMP High baseline requirements and DoD Cloud Computing Security Requirements Guide (SRG) overlays for Impact Level 5 (including handling of high-sensitivity CUI and unclassified National Security Systems).
• Oversee continuous monitoring (ConMon) programs including vulnerability scanning, configuration monitoring, log aggregation/analysis, boundary protection validation, and monthly/ongoing reporting to meet FedRAMP and DoD expectations.
• Translate NIST 800-53 Rev. 5 controls and DoD-specific enhancements into operational requirements; partner with engineering, DevOps, and product teams to embed compliance into their processes.
• Lead preparation, evidence collection, and remediation for FedRAMP reassessments, 3PAO audits, DoD Provisional Authorizations, Significant Change Requests (SCRs), and contribute to Plan of Action & Milestones (POA&M) management.
• Automate compliance validation for control implementation verification and drift detection.
• Conduct technical risk assessments, root-cause analysis on compliance findings, and provide guidance for implementation of compensating controls or hardening measures in cloud environments.
• Support incident response and boundary protection activities in IL5 environments, ensuring alignment with DoD policies for mission-critical workloads.
• Maintain and update compliance documentation including System Security Plans (SSP), control implementation descriptions, architectural diagrams, and boundary definitions.
• Collaborate cross-functionally with legal, product, engineering, and federal customer teams to scope new features/services while preserving authorization boundaries.
• Mentor others on FedRAMP/DoD compliance best practices and contribute to internal training programs.
• Align and coordinate complex, cross-functional federal programs/projects which include FedRAMP and/or DoD authorizations and/or the operational process requirements needed to meet ongoing operational requirements.