Security Authorization Specialist

This is a fully remote position, open to applicants in Colorado, +5 more states.

📋 Description

• Oversee Authorization Work streams: Independently manage the comprehensive authorization lifecycle for Game Warden across FedRAMP and US agency ATO packages.

• Artifact Responsibility: Create, enhance, and sustain high-quality System Security Plans (SSPs), control implementation narratives, Plans of Action & Milestones (POA&Ms), along with other supporting authorization materials.

• Proactive Continuous Monitoring: Oversee daily continuous monitoring tasks, which include monthly updates to POA&Ms, vulnerability and patch reporting, significant change evaluations, and yearly control assessments.

• Technical Liaison: Act as the main technical point of contact for 3PAOs, agency reviewers, and sponsor authorization officials during assessments, readiness evaluations, and audits.

• Collaborative Engineering: Work closely with Product, Engineering, Security Operations, and Cybersecurity Assessment teams to align complex cloud-native controls with FedRAMP and NIST 800-53 requirements.

• Policy to Technology Translation: Serve as a conduit between compliance and engineering disciplines.

• GRC Automation Utilization: Employ and assist in the optimization of GRC and evidence automation tools to enhance control mapping and evidence collection efficiency.

• Process Improvement Contribution: Engage in the ongoing enhancement of 2F’s authorization processes.

⛳️ Requirements

• A minimum of 7 years of experience in security compliance, cybersecurity authorization, or GRC activities.

• Strong practical knowledge of NIST 800-53 (Rev 4/5), NIST 800-37 (RMF), and FedRAMP-specific guidance and templates.

• Comprehensive understanding of contemporary cloud environments and how cloud-native patterns (AWS services, containers, Kubernetes, CI/CD pipelines) correlate to technical controls.

• Demonstrated success in supporting 3PAO assessments, annual reviews, or agency ATO initiatives from the vendor or integrator perspective.

• Outstanding written communication abilities, with a proven track record in producing assessor-ready technical documentation and clear control narratives.

• An active U.S. Top Secret (TS) security clearance is required, along with eligibility for access to Sensitive Compartmented Information (SCI).

• Current professional security certification such as CISSP, CISM, or Security+ is required.

🏝️ Benefits

• Competitive Salary

• 100% Healthcare, vision, and dental coverage

• 401(k) with a 3% company contribution

• Equity incentive plan

• Tech and office supplies stipend

• Annual professional development stipend

• Flexible paid time off alongside federal holidays off

• Parental leave

• Work from anywhere

• Referral Bonus