Senior Public Sector Compliance Specialist
SentinelOne
full-time
Location Type: Remote
Location: United States
Salary
💰 $149,000 - $150,000 per year
About the role
- Ensure the program’s security and operations are in support of SentinelOne, Public Sector cybersecurity, and FedRAMP program policy.
- Assist in the maintenance and oversight of security controls to ensure compliance with FedRAMP and other relevant Public Sector security frameworks.
- Conduct regular assessments and audits to verify the effectiveness of security controls.
- Work with the teams to set and meet quality standards for vulnerability management deliverables.
- Support the identification, assessment, and management of security risks associated with the information systems.
- Work with other SentinelOne stakeholder organizations (engineering, site reliability engineering, and FedRAMP product management) to maintain and support our Public Sector environments in a compliant manner.
- Create and maintain accurate and up-to-date security documentation, including security plans, risk assessments, Plan of Actions & Milestones (POA&M), and authorization packages.
- Support the Change Control Board (CCB) by reviewing system changes for compliance implications.
- Ensure the quality of all Continuous Monitoring (ConMon) deliverables and their timely submission to approved repositories for FedRAMP PMO and customer review.
- Support the execution and completion of FedRAMP annual assessments, including analysis and remediation of findings, gathering and management of audit evidence, and finalization of Security Package documentation such as the System Security Plan (SSP), Policies/Procedures, Security Assessment Plan (SAP), Risk Exposure Table (RET), and Security Assessment Report (SAR).
- Keep abreast of changes performed on Federal systems and provide notice of changes to FedRAMP and customers via the Significant Change Request (SCR) process.
- Maintain and execute compliance-related activities for public sector offerings, including user onboarding/offboarding, customer eligibility validation, regulated package access requests, and internal compliance audits.
- Collaborate with system administrators, developers, engineers, product owners, and other stakeholders to integrate security measures into the system development life cycle.
- Provide support during security incidents, including investigation, documentation, and reporting.
- Identify areas of concern and provide recommendations for mitigations and/or remediation.
- Stay on top of new technologies and how they can be used to help enhance the overall security posture of our offerings.
- Stay current on industry best practices, emerging threats, and changes in security regulations.
- Continually seek out new tools that could improve the way we work.
Requirements
- 5+ years of prior experience working as a GRC Analyst, Security Compliance Analyst/Manager, Compliance Specialist, or in an ISSO/ISSM-equivalent role in a similar industry.
- Must have US government (e.g., FedRAMP, FISMA, CMMC) or US Public Sector compliance experience; experience supporting DoD and SLED environments is a plus.
- Strong knowledge of information security principles, practices, and technologies, including risk management and control-based compliance.
- Experience contributing to the delivery or oversight of complex compliance programs, products, or platforms, preferably in a cloud or hybrid environment.
- Experience implementing, evaluating, and assessing cybersecurity and compliance controls, including frameworks such as FedRAMP, NIST SP 800-53, and DISA SRGs/STIGs.
- Demonstrated ability to build and manage collaborative relationships with a diverse set of stakeholders across engineering, security, product, and compliance teams.
- Familiarity with modern cloud technologies and architectures (e.g., AWS, Azure, GCP, SaaS platforms).
- Must reside in the United States, be a U.S. Citizen, and have the ability to obtain a government clearance if required.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are a plus.
Benefits
- Medical, Vision, Dental, 401(k), Commuter, Health and Dependent FSA
- Unlimited PTO
- Industry-leading gender-neutral parental leave
- Paid Company Holidays
- Paid Sick Time
- Employee stock purchase program
- Disability and life insurance
- Employee assistance program
- Gym membership reimbursement
- Cell phone reimbursement
- Numerous company-sponsored events, including regular happy hours and team-building events