Posted 1 day ago
Public Trust
Ashburn, VA (On-Site/Office)
The most security-conscious organizations trust Telos Corporation to protect their vital IT assets. The reputation of our company rests on the quality of our solutions and the integrity of our people. Explore what you can bring to our solutions in the areas of cyber, cloud and enterprise security.
Be a part of the Telos culture and see what sets us apart! Telos offers an excellent compensation package with benefits that include generous paid time off, medical, dental, vision, tuition reimbursement, and 401k. Our employees enjoy more than just a great work environment!
This position will be based in Ashburn, VA.
Responsibilities:
• Authority to Operate (ATO) Lifecycle
o Lead, develop, and maintain the System Security Plan (SSP), Security Assessment Plan/Report (SAP/SAR), POA&M, and associated FedRAMP artifacts (e.g., Inventory, Control Implementation Statements, policies/procedures).
o Coordinate with Product/Engineering, Security Architecture, and Operations to ensure control implementations meet FedRAMP Moderate/High baselines and remain effective across release cycles.
o Partner with 3PAOs and agency stakeholders to support assessments, control gap closure, and ATO maintenance.
• Continuous Monitoring (ConMon)
o Own monthly/quarterly reporting cadence, including vulnerabilities (RA-5), patching (SI-2), configuration management (CM), and incident handling (IR).
o Drive POA&M management: validate findings, set remediation plans, track due dates, and ensure high-quality closure evidence.
o Ensure timely submission of ConMon deliverables and respond to FedRAMP PMO or AO data calls and actions.
• Risk & Compliance Operations
o Perform risk assessments, control testing, and evidence collection; analyze control effectiveness and propose compensating controls where appropriate.
o Maintain a defensible control inheritance posture across CSP-native services and third-party integrations.
o Monitor changes (architecture, features, suppliers) for security impact and lead Security Impact Analyses (SIAs).
• Security Engineering Partnership
o Work with engineering teams to embed security-by-design and secure SDLC practices; validate IaC baselines and security guardrails.
o Align logging, monitoring, and incident response with FedRAMP expectations (e.g., SIEM use cases, audit log retention, escalation, playbooks).
o Assist with Boundary/Authorization scope management, data flows, and multi-tenant isolation narratives.
• Stakeholder Communication & Governance
o Serve as the point of contact for agencies, 3PAOs, and internal audit/compliance functions.
o Prepare and deliver briefings to leadership on risk posture, audit readiness, and remediation progress.
o Track and report Key Risk Indicators (KRIs) and compliance metrics.
Job Requirements
Required Qualifications
• Core Competencies:
o Ownership mindset with bias for action and detail orientation.
o Excellent stakeholder management: able to work seamlessly with engineering, operations, legal, and agency partners.
o Analytical problem-solver who can balance strict compliance requirements with practical, cloud-native solutions.
o Strong organization and project management skills (deadlines, evidence quality, status reporting).
• Required:
o 2-4+ years in Information Security, with 2+ years directly supporting FedRAMP or related NIST RMF frameworks.
o Deep knowledge of NIST SP 800-53 Rev. 5, FedRAMP Moderate/High baselines, and continuous monitoring requirements.
o Hands-on experience maintaining SSP, POA&M, SAP/SAR, and ConMon deliverables; proven success navigating 3PAO assessments and ATO activities.
o Cloud proficiency in AWS (architectural patterns, shared responsibility model, native security services).
o Experience using cyber GRC platform(s) (e.g., Xacta, eMASS) for working authorizations, control implementations, and workflow/evidence management.
o Vulnerability management tools (e.g., Tenable Nessus, Qualys), SIEM/SOAR (e.g., Splunk, AWS Config), and ticketing platforms (e.g., Jira).
o Strong technical writing skills and the ability to translate complex security concepts into clear, audit-ready documentation.
o US Citizenship required due to FedRAMP/agency requirements; ability to obtain/maintain appropriate Public Trust (or higher) clearance.
• Preferred:
o Certification(s): CISSP, CAP, CCSK/CCSP, Security+, CISM (any combination preferred).
o Hands-on use of Xacta.
o Linux use and administration.
o Experience securing a Cloud Service Provider (CSP) FedRAMP Authorized environment.
o Knowledge of OSCAL, automated evidence generation, and compliance-as-code approaches.
o Ability to discuss boundary definition, multi-tenant isolation, and advanced logging/monitoring use cases for FedRAMP.
o Familiarity with FIPS-validated crypto, supply chain risk management, incident response drill coordination, and privacy requirements.
The successful candidate must meet eligibility requirements to access sensitive information, which requires US citizenship.
Telos maintains a drug-free workplace and will conduct drug testing on all applicants who have accepted an offer of employment.
Telos Corporation participates in the E-Verify program. Therefore, any employment with Telos will also be contingent upon confirmation from the Social Security Administration ("SSA") and/or the Department of Homeland Security ("DHS") of your authorization to work in the United States. Telos offers excellent compensation packages including salary commensurate with experience and benefits to meet your needs for today and the future.
Telos Corporation and its subsidiaries are committed to equal opportunity for all, without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, age, veteran status, disability, genetic information, or any other protected characteristic. Telos Corporation will make reasonable accommodations for known physical or mental limitations of otherwise qualified employees and applicants with disabilities unless the accommodation would impose an undue hardship on the operation of our business. If you are interested in applying for an employment opportunity and feel you need a reasonable accommodation pursuant to the ADA, please contact us at 1-800-283-1911. If you require relay service assistance, please click on the following link to review information on your state's relay service: https://www.fcc.gov/accessibility.
Telos Corporation is an EEO/AA employer.
Job Type
Full-Time
Location
Ashburn, VA 20147 US (Primary)
Telos offers excellent compensation packages, including salary commensurate with experience and benefits to meet your needs for today and the future. Telos and its subsidiaries are an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.