FedRAMP Compliance Consultant

ATX Defense
Austin, Texas Metropolitan Area

FedRAMP Consultant


Job Description 

ATX Defense is seeking an experienced FedRAMP Compliance Consultant on a 1099 contract basis to operationalize and manage compliance for our product. The ideal candidate will possess deep technical knowledge of the NIST SP 800-53 Rev 5 Moderate baseline, proven experience implementing complex federal frameworks inside a GRC platform, and a track record of translating strict federal requirements into concrete, actionable steps that engineering and DevOps teams can execute.


About Us 

Founded by Army veterans with operational roots inside the NSA, CIA, DIU, and the Pentagon, ATX Defense is on a mission to rescue defense contractors from the crushing weight of compliance. We help small businesses navigate CMMC and modernize their legacy systems—minus the corporate bloat, the confusion, and the extortionate price tags.

Our flagship product, CMMC Space, delivers a turnkey, bulletproof compliant environment at a fraction of traditional costs, engineered by people who have actually lived inside the problem. As an authorized C3PAO, we aren't just following the rules; we are helping define exactly what CMMC compliance looks like at a critical moment in national security.

We are a lean, fierce, Austin-based team that debuted at #1779 on the Inc. 5000 list. We work hard, move with absolute urgency, and have zero tolerance for nonsense. We’re scaling at rocket speed, and we need builders, not passengers. If that sounds like your kind of team, read on.


Key Responsibilities

GRC Tool Architecture & FedRAMP Implementation

  • System Mapping & Customization: Design, configure, and fully build out the selected GRC tool to support the FedRAMP Moderate control baseline, ensuring that all 323 controls and enhancements in the Rev 5 Moderate baseline, along with their multi-part control statements and assessment objectives, are accurately mapped.
  • Evidence Automation: Work with engineering and product teams to establish automated evidence-collection workflows.
  • Artifact Lifecycle Management: Establish a structured, version-controlled repository within the GRC platform to house core FedRAMP artifacts.

Continuous Monitoring (ConMon) Program Execution

  • Monthly Deliverables: Own the end-to-end assembly, quality control, and timely monthly submission of the Plan of Action and Milestones (POA&M) package and the supporting scan files that accompany it.
  • Change Control & Boundary Integrity: Conduct a rigorous Security Impact Analysis (SIA) for every planned engineering change, and author and submit Significant Change Requests (SCRs) where a change affects the authorization boundary.
  • SLA Enforcement: Establish and maintain the master FedRAMP ConMon calendar, ensuring that all weekly, monthly, quarterly, and annual tasks are scheduled, executed, and documented well ahead of their deadlines.

3PAO Liaison & Re-Accreditation Leadership

  • Collaborative Forum Leadership: Work with the engineering team to prepare for and present at the monthly "Collaborative ConMon" alignment meetings, defending open POA&M items and pending deviation requests.
  • Annual Assessment Scoping: Serve as the primary point of contact for the Third-Party Assessment Organization (3PAO), and coordinate the annual assessment, including the Security Assessment Plan (SAP).
  • Standard Operating Procedures (SOPs) and Training: Author comprehensive, step-by-step runbooks and SOPs covering monthly POA&M aggregation, GRC evidence workflows, and scan ingestion.


Required Skills & Experience (Non-Negotiable)

  • Citizenship: Must be a U.S. Citizen located within the United States (due to federal compliance data restrictions).
  • FedRAMP Expertise: 3–5 years of direct experience successfully preparing, documenting, and guiding cloud systems (SaaS/PaaS/IaaS) through the FedRAMP authorization process.
  • Framework Mastery: Deep, working knowledge of NIST SP 800-53 (Rev 5) controls and FedRAMP specific requirements.
  • Communication: Exceptional verbal and written communication skills, with a proven ability to translate complex compliance jargon into actionable steps for engineers.
  • Problem-Solving & Autonomy: Strong analytical mindset to troubleshoot compliance blockers and work independently as an external consultant.
  • GRC Tool Proficiency: Proven, hands-on experience managing an enterprise framework within a prominent GRC platform (e.g., Diligent). Must be capable of mapping controls, managing evidence lifecycles, and configuring technical workflows with minimal oversight.


Preferred/Bonus Skills

  • Experience with the CMMC Level 2 framework (to support cross-over client needs).
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).
  • Experience utilizing compliance automation tooling or ticketing/support architectures.


Role Details

  • Type: 1099 Contract (Part-Time)
  • Location: 100% Remote (within the United States)
  • Hours: Flexible, but the candidate must maintain regular availability during core Central Time business hours for engineering syncs, 3PAO liaison meetings, and team calls.