Posted today
Top Secret/SCI
Unspecified
Polygraph
IT - Security
Annapolis Junction, MD (On-Site/Office)
Overview
BigBear.ai is seeking a Cybersecurity Compliance Analyst to manage the overall compliance posture of systems implementing an ATO Automation Platform, interpret automated compliance findings, coordinate with security assessors and Authorizing Officials, and ensure all compliance artifacts meet federal requirements. This role translates technical security implementations into compliance documentation and manages the Authority to Operate (ATO) process. This position will be based out of our Columbia, MD office but will support multiple customers in the Baltimore/Washington corridor and beyond.
What you will do
- Manage end-to-end ATO processes leveraging the ATO Automation Platform's automated documentation generation capabilities to reduce timelines from months to weeks
- Review and validate AI-generated System Security Plans (SSPs), Security Assessment Plans (SAPs), and Plans of Action & Milestones (POA&Ms)
- Conduct gap analyses comparing current system implementations against FedRAMP, CMMC, and NIST 800-53 requirements using the ATO Automation Platform's assessment features
- Coordinate with Third-Party Assessment Organizations (3PAOs) during security assessments and provide evidence collected through the ATO Automation Platform's automated mechanisms
- Customize ATO Automation Platform compliance templates to incorporate customer-specific security overlays and organizational requirements
- Monitor compliance status dashboards and triage findings identified through continuous automated scanning
- Maintain compliance documentation currency by leveraging the ATO Automation Platform's code-driven documentation approach that automatically updates artifacts as systems change
- Prepare monthly continuous monitoring deliverables for Authorizing Officials and security stakeholders
- Customize the ATO Automation Platform's FedRAMP Moderate baseline template to include Intelligence Community Directive 503 overlay controls
- Review AI-generated control implementation statements for AC-2 (Account Management) and validate against actual IAM configurations
- Coordinate initial readiness assessment with 3PAO, providing evidence packages auto-generated by the ATO Automation Platform
- Configure the ATO Automation Platform to map customer's AWS security group configurations to SC-7 (Boundary Protection) control requirements
- Generate monthly POA&M updates using the ATO Automation Platform's automated vulnerability tracking and remediation status features
What you need to have
- Bachelor's degree with a technical concentration and at least 10 years of professional experience
- TS/SCI with an active Poly clearance
- Deep expertise in federal compliance frameworks: FedRAMP (Low/Moderate/High), NIST 800-53 Rev 5, CMMC 2.0
- Experience managing ATO processes and working with Authorizing Officials and 3PAOs
- Strong understanding of Risk Management Framework (RMF) and security assessment methodologies
- Proficiency in compliance documentation standards including SSPs, SAPs, and POA&Ms
- Knowledge of federal information security regulations (FISMA, DFARS clauses)
- Experience with continuous monitoring requirements and reporting
- Understanding of cloud security models and shared responsibility frameworks
- Ability to interpret technical security configurations and translate them into compliance language
What we'd like you to have
- Prior experience with AI-driven or automated compliance platforms
- Familiarity with OSCAL data formats and machine-readable compliance artifacts
- Experience with DoD Security Requirements Guide (SRG) or Intelligence Community compliance requirements
- Knowledge of GovRAMP or state-level compliance frameworks
- Certifications: Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), FedRAMP training certifications
- Understanding of supply chain risk management and SBOM requirements
- Experience working in classified or air-gapped environments
- Background in federal procurement and contract compliance
About BigBear.ai
BigBear.ai is a leading provider of AI-powered decision intelligence solutions for national security, supply chain management, and digital identity. Customers and partners rely on BigBear.ai's predictive analytics capabilities in highly complex, distributed, mission-based operating environments. Headquartered in McLean, Virginia, BigBear.ai is a public company traded on the NYSE under the symbol BBAI. For more information, visit https://bigbear.ai/ and follow BigBear.ai on LinkedIn: @BigBear.ai and X: @BigBearai.
BigBear.ai is an equal opportunity employer for all protected groups, including protected veterans and individuals with disabilities.