SecureIT

FedRAMP Compliance Analyst

SecureIT, Reston, Virginia, United States, 22090


About SecureIT:

SecureIT is a trusted and fast-growing professional services firm specializing in cybersecurity compliance, with deep expertise in FedRAMP assessments and authorizations for cloud service providers. As an accredited Third-Party Assessment Organization (3PAO), we help clients navigate complex federal cybersecurity requirements and enable them to deliver secure, compliant services to government agencies. What sets SecureIT apart is not only our technical excellence and commitment to quality but also our people-first culture. We value challenging work that drives professional growth, we encourage work-life integration, and we actively support community engagement. Employees at SecureIT enjoy a collaborative environment, remote work flexibility, and direct impact on meaningful projects that shape the future of cloud security. If you are seeking a mission-driven company where your contributions matter and your development is supported, SecureIT is the place to be.

What You'll Do:

We are seeking a FedRAMP Compliance Analyst to join our FedRAMP Advisory service line. This position requires experience in vulnerability management, compliance, configuration and best-practices monitoring, or related security operations responsibilities, as well as working knowledge of the FedRAMP framework. You will work directly with clients to coordinate continuous monitoring (ConMon) activities, including creating monthly ConMon package submissions, reviewing deviation rationale, spot-checking implementation of continuous controls, coordinating annual assessment activities, reviewing change requests, updating package artifacts, and reviewing annual package submissions. As a Compliance Analyst, you will coordinate with key stakeholders to ensure performance of ongoing ConMon responsibilities, remediation tracking, and preparation for assessment to ensure continued authorization.

Responsibilities and tasking include:

- Create monthly ConMon submissions on behalf of the cloud service provider (CSP), including artifacts such as the ConMon executive summary, inventory report, vulnerability scan outputs, deviation forms, plan of action and milestones (POA&M), risk summary reports, and multi-agency ConMon reports.

- Review, track, and document deviations, including vendor dependencies, operational requirements, risk acceptances, risk reductions, and false positives related to open vulnerabilities, on an ongoing basis and at the frequencies defined by FedRAMP program requirements.

- Validate that vulnerability scans and configuration compliance scans are correct (e.g., covering the full inventory, properly authenticated, using up-to-date plug-ins, etc.) and summarize results by unique vulnerability/configuration element for the POA&M.

- Coordinate performance of required periodic controls (i.e., monthly and quarterly) with CSPs, aligning with the frequencies defined by FedRAMP program requirements.

- Provide continuous risk-based, authorization-related recommendations and information to both customer and government teams to enable authorizing officials and other decision makers to make sound risk decisions for continued authorization of systems.

- Update CSP FedRAMP package documentation, including the System Security Plan (SSP) and attachments, on an ongoing basis and at the frequencies defined by the FedRAMP program requirements.

- Coordinate annual assessment activities between the CSP and 3PAO and review annual package artifacts for completion, accuracy, and residual risk posture.

What You'll Bring to the Table:

Knowledge & Experience: 2-4 years of professional experience in vulnerability management, system compliance monitoring, or related security operations responsibilities. Understanding of cloud engineering and implementing cloud security best practices on IaaS providers (e.g., AWS, Azure, or GCP). Working knowledge of the FedRAMP compliance framework and experience conducting or supporting security control assessments based on NIST SP 800-53.

Technical Skills: Experience evaluating output from common cybersecurity tools such as Nessus, Qualys, Wiz, Prisma, etc. Familiarity interpreting configuration compliance scan output and key vulnerability scan output elements such as scoring systems, the National Vulnerability Database (NVD), Common Vulnerability Scoring System (CVSS) calculations, and the Security Content Automation Protocol (SCAP).

Soft Skills: Strong communication skills to explain compliance and security concepts to non-technical stakeholders. Effective time management skills, attention to detail, and an ability to adapt in a rapidly changing environment. Strong writing and documentation skills.

Certifications: Industry-recognized certifications such as CISA, CISM, CISSP, CCSP, CCSK, CCAK, and/or specific hyperscaler certifications are a plus.

Education: Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field.

Ready to Make an Impact? If you're excited about the opportunity to work with a talented team and help drive great business outcomes for our clients, we want to hear from you. Apply today and join us in making a difference!