Second Front SystemsRemote
Security Authorization Specialist
District of Columbia, United States of America
Full Time
2 hours ago
$119,000 - $160,000 USD
No Visa Sponsorship
Key skills
AWSCloudCyber SecurityKubernetesTypeScriptCI/CDCommunication
About this role
Role Overview
- Lead Authorization Work streams: Independently drive the end-to-end authorization lifecycle for Game Warden across FedRAMP and US agency ATO packages
- Artifact Ownership: Author, refine, and maintain high-quality System Security Plans (SSPs), control implementation narratives, Plans of Action & Milestones (POA&Ms), and supporting authorization artifacts
- Proactive Continuous Monitoring: Manage day-to-day continuous monitoring activities, including monthly POA&M updates, vulnerability and patch reporting, significant change reviews, and annual control assessments
- Technical Point of Contact: Serve as the primary front-line technical point of contact for 3PAOs, agency reviewers, and sponsor authorization officials during assessments, readiness reviews, and audits
- Engineering Partnership: Partner closely with Product, Engineering, Security Operations, and Cybersecurity Assessment teams to map complex cloud-native controls to FedRAMP and NIST 800-53 requirements
- Translate Policy to Tech: Act as a bridge between compliance and engineering
- Leverage GRC Automation: Utilize and help optimize GRC and evidence automation tooling to streamline control mapping and evidence collection
- Process Evolution: Contribute to the continuous improvement of 2F’s authorization processes.
Requirements
- 7+ years of experience in security compliance, cybersecurity authorization, or GRC work
- Strong, practical working knowledge of NIST 800-53 (Rev 4/5), NIST 800-37 (RMF), and FedRAMP-specific guidance and templates
- Solid understanding of modern cloud environments and how cloud-native patterns (AWS services, containers, Kubernetes, CI/CD pipelines) map to technical controls
- Proven success supporting 3PAO assessments, annual reviews, or agency ATO efforts from the vendor or integrator side
- Exceptional written communication skills; a proven ability to produce assessor-ready technical documentation and clear control narratives
- Active U.S. Top Secret (TS) security clearance required; eligibility for access to Sensitive Compartmented Information (SCI) required
- Active professional security certification such as CISSP, CISM, or Security+.
Tech Stack
- AWS
- Cloud
- Cyber Security
- Kubernetes
- TypeScript
Benefits
- Competitive Salary
- 100% Healthcare, vision and dental coverage
- 401(k) + 3% company contribution
- Equity incentive plan
- Tech + office supplies stipend
- Annual professional development stipend
- Flexible paid time off + federal holidays off
- Parental leave
- Work from anywhere
- Referral Bonus