Cloud Security Compliance Engineer Washington, DC

Location: In-Person (5 days/week) – Washington, DC 20036

Job Type: Full-time

Citizenship Requirement: U.S. Citizenship Required

Clearance Requirement: Active Secret or Top Secret Security Clearance

Lead and support RMF authorization efforts for cloud-hosted systems, including ATO package development and maintenance.

Serve as an ISSO-level compliance owner, coordinating security documentation, evidence collection, continuous monitoring, and control validation.

Develop and maintain RMF artifacts such as:

• System Security Plans (SSP)
• Security Assessment Reports (SAR)
• POA&Ms
• Control Implementation Statements

Own and manage POA&M lifecycle, including risk scoring, remediation coordination, milestone tracking, and executive reporting.

Map and validate security controls against required frameworks such as NIST 800-53, FedRAMP, DoD SRG, and agency-specific overlays.

Coordinate with auditors/assessors (3

PAO, internal assessment teams, government stakeholders) to support assessments, interviews, and evidence readiness.

Partner with cloud/platform engineers to ensure security controls are implemented in a way that is:

• technically accurate
• testable
• documented for assessment>

Drive continuous monitoring processes: vulnerability management reporting, control health tracking, logging/monitoring requirements, and configuration drift awareness.

Support policy and governance enforcement related to secure cloud operations, including baseline standards (CIS benchmarks, STIGs where applicable).

Ensure cloud systems maintain compliance readiness for regulated environments such as Gov Cloud and DoD IL5/IL6.

Contribute to security tooling and automation efforts where helpful (compliance reporting, evidence generation, guardrail validation), without requiring full-time engineering ownership.

Bachelor’s degree in computer science, cybersecurity, information systems, or a related technical field (or equivalent experience).

5+ years of experience in cybersecurity compliance, RMF, or security authorization roles.

Demonstrated experience producing and maintaining RMF artifacts (SSP, SAR, POA&M, etc.) for cloud-hosted or hybrid systems.

Strong working knowledge of NIST RMF and security control frameworks, including NIST 800-53 and/or FedRAMP.

Hands‑on experience supporting ATO efforts for one or more cloud environments (AWS, Azure, GCP).

Ability to translate cloud architecture into compliant control implementations (IAM, encryption, logging, networking segmentation, monitoring, patching, vulnerability response).

Experience coordinating stakeholders across engineering, compliance, leadership, and external assessors.

Strong written and verbal communication skills—especially for compliance documentation and assessment readiness.

Experience supporting DoD environments, including DoD SRG, IL5/IL6, and/or mission systems with strict boundary controls.

Familiarity with common GRC / compliance tooling such as eMASS, Xacta, Service Now GRC, Jira, or similar systems.

ISSO / ISSM experience operating inside government compliance processes and reporting structures.

Knowledge of CIS benchmarks, STIGs, vulnerability management standards, and secure configuration baselines.

Experience working with cloud security services such as:

• AWS Security Hub / Guard Duty
• Google Security Command Center

Certifications such as:

• CISSP
• CISM
• CAP
• Security+
• AWS/Azure/GCP security certifications

Background supporting continuous monitoring programs and automated evidence collection (even at a light‑touch level).

At Light Feather, you're not just taking a job—you're joining a purpose‑driven team that delivers innovative, mission‑critical solutions to make a real difference. You'll work on diverse, meaningful projects that challenge and inspire you, alongside some of the best minds in the industry.

As set forth in LIGHT FEATHER IO LLC’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.