Own and execute certification strategies in close partnership with product management, sales, engineering and other stakeholders ensuring certification outcomes are aligned with company priorities, product direction, and compliance changes.
Drive FedRAMP Moderate, High, and IL5 assessment activities in partnership with engineering, security, and external assessors
Apply NIST 800-53, FedRAMP, and DoD SRG requirements to define clear, actionable expectations and deliverables for internal teams
Lead audit and ConMon execution, including evidence coordination, remediation planning and triage, and POAM lifecycle management
Author and maintain the System Security Plan (SSP) and supporting artifacts as systems and processes change
Apply deep understanding of complex security and cloud architecture to evaluate control implementation, identify gaps, and drive remediation with engineering teams
Build deep technical fluency across the product portfolio to lead discussions with assessors, agencies, and PMO certification bodies, allowing internal subject matter experts to remain focused on delivery
Communicate clearly and effectively across all levels of the organization, from hands on engineers to executive leadership, as well as external certification stakeholders
Manage certification execution with a program management mindset by owning project plans, timelines, dependencies, and risks, and by providing clear status to stakeholders and leadership

Requirements

5+ years of experience supporting or leading technology-focused FedRAMP risk assessments, Continuous Monitoring, and remediation efforts
Demonstrated ability to make risk based decisions and interpret security controls in complex, real work, environments
Working knowledge of public cloud platforms (GCP, AWS, and/or Azure), including how cloud native architectures and services implement and enforce security controls
Proven ownership of complex, cross functional initiatives, including planning, execution, and stakeholder communication
Hands on authorship and long-term maintenance of SSPs and supporting certification documentation
Ability to manage multiple, concurrent, initiatives in a complex, past paced, environments
Demonstrated ability to drive outcomes across teams without direct reporting authority
Hands on, self directed working style with a strong aptitude for understanding and working with complex technology products
Experience working effectively in distributed environments with multiple teams operating across different priorities and time zones
Excellent written and verbal communication skills, with the ability to engage effectively with engineers, business stakeholders, auditors, and leadership
Proactive, curious, and transparent approach; assertive yet collaborative, comfortable taking ownership, asking hard questions, and driving work to completion with minimal supervision while embodying Palo Alto Networks values
BS degree (or equivalent technical degree or equivalent military experience) required; MS preferred
CISA, CRISC, CISSP or other similar security certifications desired

Benefits

Employee benefits may include restricted stock units and a bonus

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

FedRAMPNIST 800-53DoD SRGContinuous MonitoringSystem Security Plan (SSP)cloud architecturerisk assessmentsremediation planningproject managementsecurity controls

Soft Skills

communicationstakeholder managementdecision makingcollaborationself-directedproactivecuriousassertiveorganizationalleadership

Certifications

CISACRISCCISSPBS degreeMS degree