Job Specifications
LightFeather is seeking a Cloud Security Compliance Engineer with deep expertise in Risk Management Framework execution, ATO packages, POA&M management, and ISSO-level compliance operations across cloud environments. This role is ideal for someone who understands how to translate cloud architecture into compliant, assessable systems—and can drive security authorization efforts end-to-end with engineering teams, ISSMs, program leadership, and auditors.
Location: In-Person (5 days/week) – Washington, DC 20036
Job Type: Full-time
Citizenship Requirement: U.S. Citizenship Required
Clearance Requirement: Active Secret or Top Secret Security Clearance
Key Responsibilities
Lead and support RMF authorization efforts for cloud-hosted systems, including ATO package development and maintenance.
Serve as an ISSO-level compliance owner, coordinating security documentation, evidence collection, continuous monitoring, and control validation.
Develop and maintain RMF artifacts such as:
System Security Plans (SSP)
Security Assessment Reports (SAR)
POA&Ms
Continuous Monitoring Plans
Control Implementation Statements
Own and manage POA&M lifecycle, including risk scoring, remediation coordination, milestone tracking, and executive reporting.
Map and validate security controls against required frameworks such as NIST 800-53, FedRAMP, DoD SRG, and agency-specific overlays.
Coordinate with auditors/assessors (3PAO, internal assessment teams, government stakeholders) to support assessments, interviews, and evidence readiness.
Partner with cloud/platform engineers to ensure security controls are implemented in a way that is:
technically accurate
testable
documented for assessment
Drive continuous monitoring processes: vulnerability management reporting, control health tracking, logging/monitoring requirements, and configuration drift awareness.
Support policy and governance enforcement related to secure cloud operations, including baseline standards (CIS benchmarks, STIGs where applicable).
Ensure cloud systems maintain compliance readiness for regulated environments such as GovCloud and DoD IL5/IL6.
Contribute to security tooling and automation efforts where helpful (compliance reporting, evidence generation, guardrail validation), without requiring full-time engineering ownership.
Required Qualifications
Bachelor’s degree in computer science, cybersecurity, information systems, or a related technical field (or equivalent experience).
5+ years of experience in cybersecurity compliance, RMF, or security authorization roles.
Demonstrated experience producing and maintaining RMF artifacts (SSP, SAR, POA&M, etc.) for cloud-hosted or hybrid systems.
Strong working knowledge of NIST RMF and security control frameworks, including NIST 800-53 and/or FedRAMP.
Hands-on experience supporting ATO efforts for one or more cloud environments (AWS, Azure, GCP).
Ability to translate cloud architecture into compliant control implementations (IAM, encryption, logging, networking segmentation, monitoring, patching, vulnerability response).
Experience coordinating stakeholders across engineering, compliance, leadership, and external assessors.
Strong written and verbal communication skills—especially for compliance documentation and assessment readiness.
Preferred Qualifications
Experience supporting DoD environments, including DoD SRG, IL5/IL6, and/or mission systems with strict boundary controls.
Familiarity with common GRC / compliance tooling such as eMASS, Xacta, ServiceNow GRC, Jira, or similar systems.
ISSO / ISSM experience operating inside government compliance processes and reporting structures.
Knowledge of CIS benchmarks, STIGs, vulnerability management standards, and secure configuration baselines.
Experience working with cloud security services such as:
AWS Security Hub / GuardDuty
Microsoft Defender for Cloud
Google Security Command Center
Certifications such as:
CISSP
CISM
CAP
Security+
AWS/Azure/GCP security certifications
Background supporting continuous monitoring programs and automated evidence collection (even at a light-touch level).
Why Join LightFeather?
At LightFeather, you're not just taking a job—you're joining a purpose-driven team that delivers innovative, mission-critical solutions to make a real difference. You'll work on diverse, meaningful projects that challenge and inspire you, alongside some of the best minds in the industry.