What You’ll Do
Execute monthly FedRAMP Continuous Monitoring activities, ensuring timely and accurate completion of deliverables
Maintain and update Plans of Action and Milestones (POA&Ms), including tracking remediation progress and validating closure
Review and analyze vulnerability scan results (e.g., Nessus) and assist with prioritization and escalation
Maintain an accurate, up-to-date view of vulnerability status across the environment
Track vulnerabilities through the full lifecycle: identification, validation, remediation, and closure
Monitor and report on aging vulnerabilities and SLA adherence
Ensure consistency between scan results, ticketing systems (e.g., ServiceNow), and POA&M records
Operational Visibility & Monitoring
Maintain continuous operational visibility into the security posture of FedRAMP systems, including vulnerabilities, assets, and control status
Validate that security-relevant data (scan results, logs, asset inventory, and tracking systems) is complete, accurate, and aligned across sources
Identify gaps in visibility (e.g., missing assets, incomplete scan coverage, inconsistent data) and escalate appropriately
Support continuous monitoring activities aligned with FedRAMP and NIST 800-137 (ISCM) expectations
Assist in ensuring that logging, monitoring, and security tooling provide sufficient coverage to support ongoing risk awareness and audit readiness
Additional Responsibilities
Prepare and maintain audit-ready documentation and ConMon artifacts, including monthly summaries
Partner with engineering, cloud, and security teams to support timely remediation efforts
Assist with annual assessments and audit preparation, including coordination with internal and external auditors
Identify recurring issues or trends and escalate to the senior lead for resolution
What We’re Looking For
2–4 years of experience in cybersecurity, vulnerability management, or compliance operations
Exposure to FedRAMP, NIST 800-53, or similar security frameworks
Hands-on experience working with vulnerability scanning tools (e.g., Nessus, Qualys)
Experience tracking vulnerabilities or security findings in a ticketing or tracking system (e.g., ServiceNow, Jira)
Strong organizational skills with the ability to manage and track large volumes of findings accurately
High attention to detail and commitment to maintaining data accuracy and consistency
Ability to identify and investigate discrepancies across multiple data sources
Understanding of the importance of continuous monitoring, system visibility, and audit readiness in regulated environments
Strong written and verbal communication skills, with the ability to clearly convey status and risk
Ability to work independently while collaborating closely with a senior lead and cross-functional teams
BS in Engineering/Computer Science or equivalent experience required
Nice to Have
Experience with FedRAMP Continuous Monitoring processes or reporting
Familiarity with POA&M management and audit support activities
Exposure to logging, monitoring, or SIEM platforms
Experience improving workflows through automation or scripting (e.g., PowerShell, Python, Power Automate)
What Success Looks Like
Success in this role means maintaining a clear, accurate, and continuously updated view of system security posture, ensuring that:
Vulnerability status is consistently tracked and reported
Security data is aligned across tools and reporting artifacts
ConMon deliverables are completed on time
The environment remains audit-ready with strong operational visibility and minimal surprises
This role requires comfort working in a structured, compliance-driven environment with recurring monthly deliverables and a strong focus on consistency and detail.
Additional Requirements
U.S. Citizenship required
Must meet IAL2 (Identity Assurance Level 2) requirements
This is a hybrid position
We know your well-being and happiness are key to a long and successful career. We are delighted to offer country-specific benefits.
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or by calling 1-855-833-5120.
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants.
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.