Program Manager, Public Sector Compliance

New York
full-time senior Remote Database Software

Description

You will lead the lifecycle management of MongoDB's most sensitive US government authorizations, including FedRAMP High, DoD IL5+, CJIS, and ITAR. You will own complex federal assessments, drive continuous monitoring, and translate NIST 800-53 controls into technical requirements for engineering teams, directly enabling MongoDB to serve federal agencies.

Requirements

  • 5+ years in GRC, Technical Writing, or IT Audit focused on US Public Sector frameworks (FedRAMP, DoD SRG, CJIS)
  • Deep understanding of NIST 800-53 and NIST 800-171 controls implemented in cloud architectures (AWS, GCP, or Azure)
  • Proven track record of managing federal audits from kickoff to ATO issuance
  • Exceptional ability to explain complex security configurations to government auditors and internal teams
  • US Citizenship required

Responsibilities

  • Lead end-to-end execution of federal assessments with 3PAOs, agency sponsors, and FedRAMP PMO
  • Manage federal continuous monitoring program including vulnerability analysis and POA&M maintenance
  • Lead annual update and technical review of core FedRAMP artifacts (SSP, ISCP, IRP)
  • Act as technical advisor to Engineering and Operations for cloud configurations meeting federal mandates
  • Perform gap analyses for new requirements (CMMC, GovRAMP) and define remediation roadmap