InfoSec Engineer – Compliance, ATO
Vannevar Labs
full-time
Posted on:
Location Type: Remote
Location: United States
Visit company websiteExplore more
About the role
- Own and execute our strategy for how we approach ATOs across our customers.
- Lead the end-to-end ATO process for IL-6 (SIPR) and IL-7(JWICS) environments, through full authorization and follow-on compliance.
- Own RMF (Risk Management Framework) documentation and control implementation across multiple simultaneous ATOs
- Work with 3PAOs and federal government AOs to achieve compliance certifications and reports
- Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures
- Serve as a liaison between system owners and other security personnel, ensuring that selected security controls are effectively implemented and maintained throughout the lifecycle of projects
- Interface directly with government ISSMs, AOs, and security stakeholders to manage authorization packages and navigate accreditation tools (XACTA, eMASS)
- Design and implement role-based access controls, data classification frameworks, and audit logging capabilities for classified environments
- Architect solutions for handling TS/SCI data with proper controls and separation that meet DoD requirements
- Ensure compliance with DISA STIGs, SRGs, NIST 800-53, and DoD hardening standards
- Build scalable systems and processes for managing ATOs across different customers and sponsors
- Coordinate with platform engineering teams on security roadmap priorities and technical implementation
- Manage relationships with government sponsors and identify opportunities to parallel-path authorization efforts
- Work closely with mission engineering teams deploying to classified environments and partner with compliance engineering on FedRAMP and CMMC efforts
- Brief executive leadership on ATO status, risks, and strategic decisions
Requirements
- Must have personally led or been deeply involved in achieving ATOs or DISA provisional authorizations
- 5+ years in information security, with significant time in government/DoD compliance
- Direct experience with RMF, NIST 800-53, DISA STIGs, and IL-4/IL-5/IL-6/IL-7 environments
- Track record of working closely with government ISSMs, AOs, to navigate and expedite bureaucratic processes
- Experience with XACTA, eMASS, or similar government accreditation platforms
- Deep understanding of classified network architectures (SIPR, JWICS)
- Experience implementing RBAC, audit logging, and data classification systems
- Knowledge of cloud security in AWS GovCloud, Google Government, and Azure Government
- Familiarity with container security, Kubernetes/OpenShift in classified environments
- Understanding of cross-domain solutions and data transfer between classification levels
- Ability to navigate complex government processes and build relationships with government stakeholders
- Strong written communication for technical documentation and compliance artifacts
- Must hold an active U.S. TS Security clearance with SCI Eligibility.
Benefits
- Health, dental, and vision insurance
- Remote friendly with WeWork access
- Unlimited PTO, shared downtime during the federal holiday calendar, and company-wide off time at the end of each year
- 401(k) match
- Lifestyle & wellbeing stipends
- Salary top-up during military reserve duty
- Fully paid parental leave
- Child and pet care reimbursement during travel
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
ATO processRisk Management Framework (RMF)NIST 800-53DISA STIGsrole-based access controls (RBAC)audit loggingdata classificationcloud securitycontainer securityclassified network architectures
Soft Skills
relationship managementcommunicationleadershipstrategic decision-makingcollaborationproblem-solvingorganizational skillsliaison capabilitiesnavigating government processesbriefing executive leadership
Certifications
U.S. TS Security clearanceSCI Eligibility