FedRAMP Analyst

Department: Security & IT

Location: Remote USA

Compensation: $80,000 - $100,000 / year

Description

The FedRAMP Analyst is responsible for day-to-day execution of Clearview AI’s FedRAMP Continuous Monitoring (CONMON) program for Clearview’s federal-authorized platforms, including FedRAMP High. This role owns monthly CONMON deliverables (vulnerability tracking, POA&M updates, inventory reporting, and monthly executive reporting inputs), supports annual 3PAO assessment preparation, and maintains audit-ready evidence repositories aligned to the approved ATO package (SSP and appendices).
The FedRAMP Analyst partners closely with Engineering, Security & IT, Legal, People Operations, and external compliance partners to ensure authorized systems remain compliant, secure, and ready to support active U.S. Government customer usage. This role is scoped exclusively to FedRAMP; any future DoD IL program will be staffed as a separate position and is out of scope for this role.



Key Responsibilities

• Execute the monthly FedRAMP CONMON calendar and ensure timely completion of all required artifacts and submissions.
• Own monthly vulnerability remediation tracking: intake scan outputs, open/track remediation tickets, validate closure evidence, and ensure SLA adherence (e.g., 30/90/180-day timelines).
• Maintain and update the Plan of Action and Milestones (POA&M): create/update POA&M items, document milestones, track due dates, coordinate risk statements with Legal, and route for approvals.
• Generate and maintain monthly inventory and configuration evidence (e.g., Integrated Inventory Workbook/IIW updates, authorized software evidence, baseline/config drift support).
• Prepare monthly CONMON reporting packages, including Monthly Security Status Reports, CONMON Executive Summary inputs, deviation requests, and other stakeholder reports required by the Sponsoring Agency, FedRAMP PMO, or Authorizing Official.
• Prepare deviation and exception requests: gather technical justification, compensating control documentation, scope/impact statements, and route through required approvals.
• Support continuous monitoring governance activities: access review evidence, log/monitoring review evidence, and coordination of corrective actions with Engineering and Security & IT.
• Maintain the CONMON and ATO artifact repository in Google Drive (or designated system): version control, naming conventions, evidence indexing, and audit-ready structure.
• Support annual security testing activities (e.g., penetration tests, red-team exercises if applicable, IR/ISCP tabletop exercises) by tracking schedules, collecting artifacts, and documenting remediation status.
• Support annual 3PAO assessment coordination: evidence collection, interview scheduling, assessor Q&A tracking, and findings remediation tracking in partnership with the VP, Federal Operations.
• Support significant change workflows: help determine compliance impact, document change narratives, update SSP appendices as required, and maintain change evidence for CONMON.
• Track training compliance for federal systems (Rules of Behavior acknowledgements, required awareness training completion) in coordination with People Ops and Security & IT.
• Serve as a primary day-to-day point of contact for internal stakeholders for FedRAMP evidence requests and compliance status updates; escalate risks and blockers to the VP, Federal Operations.
  
  

Skills, Knowledge and Expertise

• 3 years of experience in cybersecurity compliance, GRC, or operating regulated cloud environments (FedRAMP, DoD IL, CJIS, HIPAA, PCI, ISO 27001/42001, or similar).
• Demonstrated experience executing continuous monitoring or recurring compliance reporting programs (monthly cadence preferred).
• Working knowledge of NIST 800-53 and FedRAMP concepts (POA&M management, SSP/ATO artifact structure, assessment evidence expectations).
• Experience coordinating vulnerability remediation tracking and translating technical findings into compliance artifacts (tickets, evidence, milestones, risk language).
• Strong project management and organizational skills; ability to manage multiple deadlines and stakeholder inputs.
• Excellent communication skills for producing audit-ready narratives, status reports, and executive summaries.
• Comfort working with technical teams (Engineering, Security) to obtain evidence and validate remediation outcomes.
• Experience using common tooling for evidence and workflow tracking (Google Drive, Jira/Linear, spreadsheets, ticketing systems).
• Ability to manage confidential and sensitive cybersecurity information.
• Candidates must be able to meet government security clearance requirements as required for this role.

Preferred Qualifications:

• Direct experience supporting a FedRAMP Moderate/High authorization, annual 3PAO assessment, or agency ATO process.
• Experience with SecondFront/Game Warden or other FedRAMP-adjacent platforms and inherited-control models.
• Familiarity with vulnerability scanning, SIEM/log review concepts, and secure SDLC evidence (SAST/DAST, threat modeling).
• Experience with evidence automation or compliance engineering approaches (repeatable evidence packets, templates, control mapping).
• Relevant certifications (e.g., Security , SSCP, CISSP Associate, CAP, CISA, PMP).
  
  

Benefits

• Medical, Dental, Vision, STD and LTD Plans
• FSA - Medical and Dependent Care
• EAP and wellness programs
• 13 Paid Holidays
• Unlimited PTO
• Flexible work environment - 100% remote
• 401(k) plan