
LightFeather · 12 hours ago

Cloud Security Compliance Engineer

LightFeather is seeking a Cloud Security Compliance Engineer with deep expertise in Risk Management Framework execution and compliance operations across cloud environments. The role involves leading RMF authorization efforts, managing compliance documentation, and ensuring security controls are implemented effectively in cloud systems.

Tags: Analytics, Consulting, Cyber Security, Information Technology, UX Design
Notes: No H1B; Security Clearance Required; U.S. Citizen Only

Responsibilities

Lead and support RMF authorization efforts for cloud-hosted systems, including ATO package development and maintenance
Serve as an ISSO-level compliance owner, coordinating security documentation, evidence collection, continuous monitoring, and control validation
Develop and maintain RMF artifacts such as:
    System Security Plans (SSP)
    Security Assessment Reports (SAR)
    POA&Ms
    Continuous Monitoring Plans
    Control Implementation Statements
Own and manage POA&M lifecycle, including risk scoring, remediation coordination, milestone tracking, and executive reporting
Map and validate security controls against required frameworks such as NIST 800-53, FedRAMP, DoD SRG, and agency-specific overlays
Coordinate with auditors/assessors (3PAO, internal assessment teams, government stakeholders) to support assessments, interviews, and evidence readiness
Partner with cloud/platform engineers to ensure security controls are implemented in a way that is:
    Technically accurate
    Testable
    Documented for assessment
Drive continuous monitoring processes: vulnerability management reporting, control health tracking, logging/monitoring requirements, and configuration drift awareness
Support policy and governance enforcement related to secure cloud operations, including baseline standards (CIS benchmarks, STIGs where applicable)
Ensure cloud systems maintain compliance readiness for regulated environments such as GovCloud and DoD IL5/IL6
Contribute to security tooling and automation efforts where helpful (compliance reporting, evidence generation, guardrail validation), without requiring full-time engineering ownership

Qualification

Risk Management Framework, NIST 800-53, ATO package development, Cloud security compliance, AWS Security Hub, CIS benchmarks, ISSO experience, Compliance documentation, Stakeholder coordination, Communication skills

Required

Bachelor's degree in computer science, cybersecurity, information systems, or a related technical field (or equivalent experience)
5+ years of experience in cybersecurity compliance, RMF, or security authorization roles
Demonstrated experience producing and maintaining RMF artifacts (SSP, SAR, POA&M, etc.) for cloud-hosted or hybrid systems
Strong working knowledge of NIST RMF and security control frameworks, including NIST 800-53 and/or FedRAMP
Hands-on experience supporting ATO efforts for one or more cloud environments (AWS, Azure, GCP)
Ability to translate cloud architecture into compliant control implementations (IAM, encryption, logging, networking segmentation, monitoring, patching, vulnerability response)
Experience coordinating stakeholders across engineering, compliance, leadership, and external assessors
Strong written and verbal communication skills—especially for compliance documentation and assessment readiness

Preferred

Experience supporting DoD environments, including DoD SRG, IL5/IL6, and/or mission systems with strict boundary controls
Familiarity with common GRC / compliance tooling such as eMASS, Xacta, ServiceNow GRC, Jira, or similar systems
ISSO / ISSM experience operating inside government compliance processes and reporting structures
Knowledge of CIS benchmarks, STIGs, vulnerability management standards, and secure configuration baselines
Experience working with cloud security services such as: AWS Security Hub / GuardDuty, Microsoft Defender for Cloud, Google Security Command Center
Certifications such as: CISSP, CISM, CAP, Security+, AWS/Azure/GCP security certifications
Background supporting continuous monitoring programs and automated evidence collection (even at a light-touch level)

Company

LightFeather

LightFeather is an IT consulting firm that provides UI/UX design, DevSecOps, cybersecurity, analytics, data science, and cloud services.

Funding

Current Stage
Growth Stage

Leadership Team

Sarah Fahden
Founder & CEO
Company data provided by crunchbase