FedRAMP Analyst

Vaga não está no LinkedIn

🕒 Maio 18

☕ Washington – Remoto

☕ Washington – Remote

💵 $80.000 - $100.000 / ano

⏰ Tempo Integral

🟡 Pleno

🟠 Sênior

🧐 Analista

🦅 Patrocina Visto H1B

Esta empresa já patrocinou vistos H1B no passado.

Candidatar-se

Encontrar Vagas Remotas Similares

Receber Emails de Vagas Remotas

📊 Verifique sua pontuação de currículo para esta vaga

Melhore suas chances de conseguir uma entrevista verificando sua pontuação de currículo antes de se candidatar.

Enviar Currículo

Clearview AI

SiteLinkedInTodas as Vagas

11 - 50 funcionários

Fundada em 2017

🤖 Inteligência Artificial

🔐 Segurança

🏛️ Governo

Artificial Intelligence • Security • Government

Clearview AI é uma empresa sediada nos EUA que desenvolve e fornece software de reconhecimento facial e ferramentas investigativas usadas principalmente por forças de segurança, agências governamentais e militares. Sua plataforma combina imagens com um banco de dados proprietário muito extenso para acelerar a identificação de suspeitos, investigações criminais, recuperação de vítimas e operações de segurança nacional. A empresa enfatiza a precisão, escalabilidade e segurança/conformidade para clientes do setor público.

Descrição

• Execute the monthly FedRAMP CONMON calendar and ensure timely completion of all required artifacts and submissions. • Own monthly vulnerability remediation tracking: intake scan outputs, open/track remediation tickets, validate closure evidence, and ensure SLA adherence (e.g., 30/90/180-day timelines). • Maintain and update the Plan of Action and Milestones (POA&M): create/update POA&M items, document milestones, track due dates, coordinate risk statements with Legal, and route for approvals. • Generate and maintain monthly inventory and configuration evidence (e.g., Integrated Inventory Workbook/IIW updates, authorized software evidence, baseline/config drift support). • Prepare monthly CONMON reporting packages, including Monthly Security Status Reports, CONMON Executive Summary inputs, deviation requests, and other stakeholder reports required by the Sponsoring Agency, FedRAMP PMO, or Authorizing Official. • Prepare deviation and exception requests: gather technical justification, compensating control documentation, scope/impact statements, and route through required approvals. • Support continuous monitoring governance activities: access review evidence, log/monitoring review evidence, and coordination of corrective actions with Engineering and Security & IT. • Maintain the CONMON and ATO artifact repository in Google Drive (or designated system): version control, naming conventions, evidence indexing, and audit-ready structure. • Support annual security testing activities (e.g., penetration tests, red-team exercises if applicable, IR/ISCP tabletop exercises) by tracking schedules, collecting artifacts, and documenting remediation status. • Support annual 3PAO assessment coordination: evidence collection, interview scheduling, assessor Q&A tracking, and findings remediation tracking in partnership with the VP, Federal Operations. • Support significant change workflows: help determine compliance impact, document change narratives, update SSP appendices as required, and maintain change evidence for CONMON. • Track training compliance for federal systems (Rules of Behavior acknowledgements, required awareness training completion) in coordination with People Ops and Security & IT. • Serve as a primary day-to-day point of contact for internal stakeholders for FedRAMP evidence requests and compliance status updates; escalate risks and blockers to the VP, Federal Operations.

🎯 Requisitos

• 3+ years of experience in cybersecurity compliance, GRC, or operating regulated cloud environments (FedRAMP, DoD IL, CJIS, HIPAA, PCI, ISO 27001/42001, or similar). • Demonstrated experience executing continuous monitoring or recurring compliance reporting programs (monthly cadence preferred). • Working knowledge of NIST 800-53 and FedRAMP concepts (POA&M management, SSP/ATO artifact structure, assessment evidence expectations). • Experience coordinating vulnerability remediation tracking and translating technical findings into compliance artifacts (tickets, evidence, milestones, risk language). • Strong project management and organizational skills; ability to manage multiple deadlines and stakeholder inputs. • Excellent communication skills for producing audit-ready narratives, status reports, and executive summaries. • Comfort working with technical teams (Engineering, Security) to obtain evidence and validate remediation outcomes. • Experience using common tooling for evidence and workflow tracking (Google Drive, Jira/Linear, spreadsheets, ticketing systems). • Ability to manage confidential and sensitive cybersecurity information. • Candidates must be able to meet government security clearance requirements as required for this role. • **Preferred Qualifications:** • Direct experience supporting a FedRAMP Moderate/High authorization, annual 3PAO assessment, or agency ATO process. • Experience with SecondFront/Game Warden or other FedRAMP-adjacent platforms and inherited-control models. • Familiarity with vulnerability scanning, SIEM/log review concepts, and secure SDLC evidence (SAST/DAST, threat modeling). • Experience with evidence automation or compliance engineering approaches (repeatable evidence packets, templates, control mapping). • Relevant certifications (e.g., Security+, SSCP, CISSP Associate, CAP, CISA, PMP).

🏖️ Benefícios

• Medical, Dental, Vision, STD and LTD Plans • FSA - Medical and Dependent Care • EAP and wellness programs • 13 Paid Holidays • Unlimited PTO • Flexible work environment - 100% remote • 401(k) plan