PREDICTION is focused on building the AI workforce for national security, providing secure infrastructure and mission-ready AI agents for defense and intelligence teams. The Cybersecurity and Compliance Engineer will manage compliance for federal programs, develop security plans, and work closely with engineering to ensure adherence to cybersecurity standards and frameworks.
Responsibilities:
- You own the compliance posture for PREDICTION's federal programs and, depending on program requirements, may serve as the named Information System Security Officer
- You develop and maintain the System Security Plan, track Plans of Action and Milestones, produce continuous monitoring deliverables on schedule, and represent the company in conversations with agency security teams and third-party assessment organizations
- When an assessor asks how a control is satisfied, the answer comes from you
- You work directly with engineering to understand the deployment architecture at a systems and network level: what runs where, what is encrypted, what is exposed, what is air-gapped, how authentication and authorization are enforced, how data flows between components
- You translate that understanding into control-satisfaction evidence across the applicable NIST control families and maintain that mapping as the architecture evolves
- You maintain the self-assessment, prepare the SPRS score, and prepare the company for C3PAO assessment when the timeline requires it
- You develop and maintain the SSP, coordinate with our FedRAMP pathway provider on inherited versus customer-responsible controls, prepare the 3PAO assessment package, and own continuous monitoring deliverables including monthly vulnerability scans, quarterly reporting, annual assessment updates, and POA&M remediation tracking
- You understand how these AI governance instruments interact with the traditional NIST 800-53 control catalog and can document compliance at the intersection of cybersecurity and AI governance
- You understand the escalation from FedRAMP Moderate through DoD Impact Levels (IL4, IL5, IL6) and the additional requirements each tier imposes, including dedicated infrastructure at IL5 and SIPRNet isolation at IL6
- You are familiar with ICD 503 for intelligence community systems and understand what changes when a deployment moves from a civilian agency environment to an IC enclave
Requirements:
- 3+ years in federal cybersecurity, information assurance, or security compliance roles
- Hands-on participation in at least one FedRAMP authorization or CMMC assessment cycle, including SSP development and 3PAO or C3PAO coordination
- Working knowledge of NIST 800-53, NIST 800-171, and the FedRAMP authorization process
- Familiarity with DoD Impact Levels and the compliance escalation each tier introduces
- Exposure to NIST AI RMF or the Generative AI Profile (AI 600-1) is a strong plus; the willingness and ability to develop that expertise quickly are required, since the AI governance layer has no established playbook and standard GRC experience will not cover it
- One or more of: CISSP, CISM, CAP, CCSP, or CMMC Registered Practitioner
- Bachelor's degree in cybersecurity, information systems, computer science, or a related field, or equivalent professional experience