InfoSec Engineer – Compliance, ATO

Job Description:

• Own and execute our strategy for how we approach ATOs across our customers.
• Lead the end-to-end ATO process for IL-6 (SIPR) and IL-7(JWICS) environments, through full authorization and follow-on compliance.
• Own RMF (Risk Management Framework) documentation and control implementation across multiple simultaneous ATOs
• Work with 3PAOs and federal government AOs to achieve compliance certifications and reports
• Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures
• Serve as a liaison between system owners and other security personnel, ensuring that selected security controls are effectively implemented and maintained throughout the lifecycle of projects
• Interface directly with government ISSMs, AOs, and security stakeholders to manage authorization packages and navigate accreditation tools (XACTA, eMASS)
• Design and implement role-based access controls, data classification frameworks, and audit logging capabilities for classified environments
• Architect solutions for handling TS/SCI data with proper controls and separation that meet DoD requirements
• Ensure compliance with DISA STIGs, SRGs, NIST 800-53, and DoD hardening standards
• Build scalable systems and processes for managing ATOs across different customers and sponsors
• Coordinate with platform engineering teams on security roadmap priorities and technical implementation
• Manage relationships with government sponsors and identify opportunities to parallel-path authorization efforts
• Work closely with mission engineering teams deploying to classified environments and partner with compliance engineering on FedRAMP and CMMC efforts
• Brief executive leadership on ATO status, risks, and strategic decisions

Requirements:

• Must have personally led or been deeply involved in achieving ATOs or DISA provisional authorizations
• 5+ years in information security, with significant time in government/DoD compliance
• Direct experience with RMF, NIST 800-53, DISA STIGs, and IL-4/IL-5/IL-6/IL-7 environments
• Track record of working closely with government ISSMs, AOs, to navigate and expedite bureaucratic processes
• Experience with XACTA, eMASS, or similar government accreditation platforms
• Deep understanding of classified network architectures (SIPR, JWICS)
• Experience implementing RBAC, audit logging, and data classification systems
• Knowledge of cloud security in AWS GovCloud, Google Government, and Azure Government
• Familiarity with container security, Kubernetes/OpenShift in classified environments
• Understanding of cross-domain solutions and data transfer between classification levels
• Ability to navigate complex government processes and build relationships with government stakeholders
• Strong written communication for technical documentation and compliance artifacts
• Must hold an active U.S. TS Security clearance with SCI Eligibility.

Benefits:

• Health, dental, and vision insurance
• Remote friendly with WeWork access
• Unlimited PTO, shared downtime during the federal holiday calendar, and company-wide off time at the end of each year
• 401(k) match
• Lifestyle & wellbeing stipends
• Salary top-up during military reserve duty
• Fully paid parental leave
• Child and pet care reimbursement during travel

Apply tot his job Apply To this Job