Responsibilities
- Own the authorization workstreams for Game Warden across FedRAMP and US agency ATO packages, including initial authorizations, annual assessments, and significant change requests.
- Author and maintain System Security Plans (SSPs), control implementation narratives, Plans of Action & Milestones (POA&Ms), and supporting authorization artifacts that accurately reflect our architecture, controls, and operating reality. Drive findings and control gaps to closure with measurable outcomes.
- Drive continuous monitoring activities including monthly POA&M updates, vulnerability and patch reporting, significant change reviews, and annual control assessments.
- Serve as a technical point of contact for 3PAOs, agency reviewers, and sponsor authorization officials during assessments, readiness reviews, and audits.
- Partner closely with Product, Engineering, Security Operations, and Cybersecurity Assessment teams to map technical controls to FedRAMP and NIST 800-53 requirements, and to collect defensible evidence.
- Translate complex regulatory requirements into clear, actionable guidance that engineering teams can implement, not just policy language.
- Use and help improve our GRC and evidence automation tooling to streamline control mapping, evidence collection, and continuous monitoring, writing basic scripts or queries (e.g., Python, Bash, SQL, simple API calls) where they save the team time.
- Contribute to the evolution of 2F’s authorization processes, tooling, and evidence workflows as we scale our portfolio across frameworks and environments.
Work Arrangement
Hybrid
Additional Information
- This role requires U.S. citizenship due to government contract requirements.
- Additionally, candidates must reside in one of our approved hiring hubs:
  - DC/Maryland/Virginia
  - Raleigh/Durham/Chapel Hill, NC
  - Denver/Colorado Springs, CO
  - Dallas/Fort Worth, TX