US Public Sector Compliance Analyst
About The Position
Are you interested in helping shape how cybersecurity works across the US public sector while building a strong foundation in Trust, Risk, and Compliance (TRC)? This role offers the opportunity to grow your career while contributing directly to Rapid7’s mission of making the digital world safer. As a Trust, Risk, and Compliance Analyst, you will support Rapid7’s expanding US Public Sector compliance programs, including FedRAMP, GovRAMP, TX-RAMP, and COV-RAMP. As part of the Trust, Risk, and Compliance team within the broader Information Security organization, you will help build, operate, and continuously improve scalable compliance and risk management programs that enable our Federal and SLED customers to succeed. This role is based in Boston and/or Arlington and is part of a team that values collaboration, curiosity, balance, and continuous learning.
Requirements
- 2-5 years of experience (or equivalent academic, internship, or early-career experience) in cybersecurity, risk, compliance, governance, or cloud security (Candidates with slightly more experience are welcome to apply)
- Foundational knowledge of NIST 800-53 and/or NIST 800-171
- Interest in US Government and SLED cybersecurity programs (FedRAMP, GovRAMP, StateRAMP)
- Experience or familiarity with ATO-focused GRC platforms such as Paramify, ServiceNow GRC, Onspring, or RegScale
- Ability to understand and document both policy-based and technical security controls
- Strong analytical skills, attention to detail, and comfort working with structured documentation
- Clear written and verbal communication skills
- A curious, collaborative mindset and eagerness to learn
Nice To Haves
- Exposure to AWS or cloud-based environments
- Familiarity with vulnerability management, security scanning, or cloud security concepts
- Experience or interest in POA&M workflows, continuous monitoring, or risk remediation
- Familiarity with frameworks such as FISMA, CMMC, StateRAMP, or ISO 27001
- Interest in compliance automation, OSCAL, or policy-as-code approaches
- Early-career certifications or coursework in cybersecurity, cloud security, or information assurance
Responsibilities
- Support day-to-day activities for Rapid7’s US Public Sector compliance programs, with a primary focus on FedRAMP
- Assist in maintaining compliance documentation, including policies, procedures, system security plans (SSPs), authorization artifacts, and supporting evidence
- Support continuous monitoring (ConMon) activities, including ongoing evidence collection and reporting
- Assist in managing Plans of Action & Milestones (POA&Ms), including tracking remediation progress, timelines, and risk ownership
- Track and support control implementation aligned to NIST 800-53 rev. 5 and NIST 800-171
- Use ATO-focused GRC platforms such as Paramify, ServiceNow GRC, Onspring, or RegScale to manage compliance status, risks, and findings
- Partner with Engineering and Security teams to understand technical control implementations, vulnerabilities, and remediation plans
- Support audit and assessment readiness activities, including ATO packages and regulatory reporting
- Assist with vendor reviews, including Control Implementation Summaries (CIS) and Customer Responsibility Matrices (CRM)
- Help identify opportunities to improve GRC, POA&M, and ConMon processes through standardization, automation, and improved data quality
- Gain hands-on exposure to evolving requirements such as CMMC, new Executive Orders, and emerging US public sector cybersecurity initiatives
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Entry Level
Education Level
No Education Listed
Number of Employees
501-1,000 employees
