Security Architect (FedRAMP)
Overview
Black Duck Software, Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized pioneer in application security, provides SAST, SCA, and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
Security Architect (for FedRAMP)
Description
We are seeking an experienced Security Architect for FedRAMP to serve as the primary technical lead for our FedRAMP authorization and ongoing continuous monitoring (ConMon) compliance. In this role, you'll own the technical interface between our contracted GRC vendor-partner, internal engineering teams, and FedRAMP stakeholders while driving remediation activities across the organization.
You'll hold authority to halt deployments and reject ConMon packages that do not meet FedRAMP evidence and SLA requirements. You'll coordinate technical implementation of NIST 800-53 Rev 5 security controls, ensure effectiveness and auditability, and serve as the final technical quality gate for control implementations and evidence schemas before submission.
Eligibility requirement:
As an experienced security professional, you will:
- Drive vulnerability remediation to meet FedRAMP SLAs: Critical/High ≤30 days, Moderate ≤90 days, Low ≤180 days, KEV ≤14 days
- Own monthly privileged access reviews with identity removal attestations attached to Continuous Monitoring packages
- Certify asset inventory completeness and scan coverage before each Continuous Monitoring submission
- Review and validate technical evidence before submission to GRC vendor
- Act as final technical quality gate for control implementations and evidence collection
- Own FIPS 140-3 validation tracking for all cryptographic modules; maintain Appendix Q (Ports, Protocols, and Services)
- Ensure logs meet retention requirements: 12 months searchable online, 18 months archived; provide monthly attestation
- Plan and deliver annual penetration tests, red team exercises, DR/IR tests, and contingency exercises; track findings to POA&M closure
- Run SBOM/VEX generation and vendor SCRM reviews aligned to NIST SP 800-161 Rev 1