Cybersecurity Compliance Analyst
Bigbear.ai, Baltimore, MD, United States
Overview
BigBear.ai is seeking a Cybersecurity Compliance Analyst to Enter manage the overall compliance posture of systems implementing an ATO Automation Platform, interpret automated compliance findings, coordinate with security assessors and Authorizing Officials, and ensure all compliance artifacts meet federal requirements. This role translates technical security implementations into compliance documentation and manages the Authority to Operate (ATO) process. This position will be based out of our Columbia, MD office but will support multiple customers in the Baltimore/Washington corridor and beyond.
What you will do
Manage end-to-end ATO processes leveraging the ATO Automation Platform’s automated documentation generation capabilities to reduce timelines from months to weeks
Review and validate AI-generated System Security Plans (SSPs), Security Assessment Plans (SAPs), and Plan of Action & Milestones (POA&Ms)
Conduct gap analyses comparing current system implementations against FedRAMP, CMMC, and NIST 800-53 requirements using ATO Automation Platform’s assessment features
Coordinate with Third-Party Assessment Organizations (3PAOs) during security assessments and provide evidence collected through an ATO Automation Platform’s automated mechanisms
Customize ATO Automation Platform compliance templates to incorporate customer-specific security overlays and organizational requirements
Monitor compliance status dashboards and triage findings identified through continuous automated scanning
Maintain compliance documentation currency by leveraging ATO Automation Platform’s code-driven documentation approach that automatically updates artifacts as systems change
Prepare monthly continuous monitoring deliverables for Authorizing Officials and security stakeholders
Customize the ATO Automation Platform’s FedRAMP Moderate baseline template to include Intelligence Community Directive 503 overlay controls
Review AI-generated control implementation statements for AC-2 (Account Management) and validate against actual IAM configurations
Coordinate initial readiness assessment with 3PAO, providing evidence packages auto-generated by the ATO Automation Platform
Configure the ATO Automation Platform to map customer’s AWS security group configurations to SC-7 (Boundary Protection) control requirements
Generate monthly POA&M updates using the ATO Automation Platform’s automated vulnerability tracking and remediation status features
What you need to have
Bachelor's Degree with a Technical concentration with at least 10 years of professional experience
TS/SCI with an active Poly clearance
Deep expertise in federal compliance frameworks: FedRAMP (Low/Moderate/High), NIST 800-53 Rev 5, CMMC 2.0
Experience managing ATO processes and working with Authorizing Officials and 3PAOs
Strong understanding of Risk Management Framework (RMF) and security assessment methodologies
Proficiency in compliance documentation standards including SSPs, SAPs, SAPs, POA&M
Knowledge of federal information security regulations (FISMA, DFARS clauses)
Experience with continuous monitoring requirements and reporting
Understanding of cloud security models and shared responsibility frameworks
Ability to interpret technical security configurations and translate them into compliance language
What we'd like you to have
Prior experience with AI-driven or automated compliance platforms
Familiarity with OSCAL data formats and machine-readable compliance artifacts
Experience with DoD Security Requirements Guide (SRG) or Intelligence Community compliance requirements
Knowledge of GovRAMP or state-level compliance frameworks
Certifications: Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), FedRAMP training certifications
Understanding of supply chain risk management and SBOM requirements
Experience working in classified or air-gapped environments
Background in federal procurement and contract compliance
About BigBear.ai BigBear.ai is a leading provider of AI-powered decision intelligence solutions for national security, supply chain management, and digital identity. Customers and partners rely on Bigbear.ai’s predictive analytics capabilities in highly complex, distributed, mission-based operating environments. Headquartered in McLean, Virginia, BigBear.ai is a public company traded on the NYSE under the symbol BBAI. For more information, visit https://bigbear.ai/ and follow BigBear.ai on LinkedIn: @BigBear.ai and X: @BigBearai.
BigBear.ai is an Equal opportunity employer all protected groups, including protected veterans and individuals with disabilities.
#J-18808-Ljbffr
What you will do
Manage end-to-end ATO processes leveraging the ATO Automation Platform’s automated documentation generation capabilities to reduce timelines from months to weeks
Review and validate AI-generated System Security Plans (SSPs), Security Assessment Plans (SAPs), and Plan of Action & Milestones (POA&Ms)
Conduct gap analyses comparing current system implementations against FedRAMP, CMMC, and NIST 800-53 requirements using ATO Automation Platform’s assessment features
Coordinate with Third-Party Assessment Organizations (3PAOs) during security assessments and provide evidence collected through an ATO Automation Platform’s automated mechanisms
Customize ATO Automation Platform compliance templates to incorporate customer-specific security overlays and organizational requirements
Monitor compliance status dashboards and triage findings identified through continuous automated scanning
Maintain compliance documentation currency by leveraging ATO Automation Platform’s code-driven documentation approach that automatically updates artifacts as systems change
Prepare monthly continuous monitoring deliverables for Authorizing Officials and security stakeholders
Customize the ATO Automation Platform’s FedRAMP Moderate baseline template to include Intelligence Community Directive 503 overlay controls
Review AI-generated control implementation statements for AC-2 (Account Management) and validate against actual IAM configurations
Coordinate initial readiness assessment with 3PAO, providing evidence packages auto-generated by the ATO Automation Platform
Configure the ATO Automation Platform to map customer’s AWS security group configurations to SC-7 (Boundary Protection) control requirements
Generate monthly POA&M updates using the ATO Automation Platform’s automated vulnerability tracking and remediation status features
What you need to have
Bachelor's Degree with a Technical concentration with at least 10 years of professional experience
TS/SCI with an active Poly clearance
Deep expertise in federal compliance frameworks: FedRAMP (Low/Moderate/High), NIST 800-53 Rev 5, CMMC 2.0
Experience managing ATO processes and working with Authorizing Officials and 3PAOs
Strong understanding of Risk Management Framework (RMF) and security assessment methodologies
Proficiency in compliance documentation standards including SSPs, SAPs, SAPs, POA&M
Knowledge of federal information security regulations (FISMA, DFARS clauses)
Experience with continuous monitoring requirements and reporting
Understanding of cloud security models and shared responsibility frameworks
Ability to interpret technical security configurations and translate them into compliance language
What we'd like you to have
Prior experience with AI-driven or automated compliance platforms
Familiarity with OSCAL data formats and machine-readable compliance artifacts
Experience with DoD Security Requirements Guide (SRG) or Intelligence Community compliance requirements
Knowledge of GovRAMP or state-level compliance frameworks
Certifications: Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), FedRAMP training certifications
Understanding of supply chain risk management and SBOM requirements
Experience working in classified or air-gapped environments
Background in federal procurement and contract compliance
About BigBear.ai BigBear.ai is a leading provider of AI-powered decision intelligence solutions for national security, supply chain management, and digital identity. Customers and partners rely on Bigbear.ai’s predictive analytics capabilities in highly complex, distributed, mission-based operating environments. Headquartered in McLean, Virginia, BigBear.ai is a public company traded on the NYSE under the symbol BBAI. For more information, visit https://bigbear.ai/ and follow BigBear.ai on LinkedIn: @BigBear.ai and X: @BigBearai.
BigBear.ai is an Equal opportunity employer all protected groups, including protected veterans and individuals with disabilities.
#J-18808-Ljbffr