Job Description
FedRAMP Analyst
Department: Security & IT
Employment Type: Full Time
Location: Remote USA
Compensation: $80,000 - $100,000 / year
Description
The FedRAMP Analyst partners closely with Engineering, Security & IT, Legal, People Operations, and external compliance partners to ensure authorized systems remain compliant, secure, and ready to support active U.S. Government customer use. This role is scoped exclusively to FedRAMP; any future DoD Impact Level (IL) program will be staffed as a separate position and is out of scope for this role.
Key Responsibilities
- Execute the monthly FedRAMP continuous monitoring (CONMON) calendar and ensure timely completion of all required artifacts and submissions.
- Own monthly vulnerability remediation tracking: intake scan outputs, open/track remediation tickets, validate closure evidence, and ensure adherence to FedRAMP remediation SLAs (High findings within 30 days, Moderate within 90 days, Low within 180 days of discovery).
- Maintain and update the Plan of Action and Milestones (POA&M): create/update POA&M items, document milestones, track due dates, coordinate risk statements with Legal, and route for approvals.
- Generate and maintain monthly inventory and configuration evidence (e.g., Integrated Inventory Workbook (IIW) updates, authorized software evidence, baseline/config drift support).
- Prepare monthly CONMON reporting packages, including Monthly Security Status Reports, CONMON Executive Summary inputs, deviation requests, and other stakeholder reports required by the Sponsoring Agency, FedRAMP PMO, or Authorizing Official.
- Prepare deviation and exception requests: gather technical justification, compensating control documentation, scope/impact statements, and route through required approvals.
- Support continuous monitoring governance activities: access review evidence, log/monitoring review evidence, and coordination of corrective actions with Engineering and Security & IT.
- Maintain the CONMON and ATO artifact repository in Google Drive (or designated system): version control, naming conventions, evidence indexing, and audit-ready structure.
- Support annual security testing activities (e.g., penetration tests, red-team exercises if applicable, Incident Response (IR) and Information System Contingency Plan (ISCP) tabletop exercises) by tracking schedules, collecting artifacts, and documenting remediation status.
- Support annual Third Party Assessment Organization (3PAO) assessment coordination: evidence collection, interview scheduling, assessor Q&A tracking, and findings remediation tracking in partnership with the VP, Federal Operations.
- Support significant change workflows: help determine compliance impact, document change narratives, update System Security Plan (SSP) appendices as required, and maintain change evidence for CONMON.
- Track training compliance for federal systems (Rules of Behavior acknowledgements, required awareness training completion) in coordination with People Ops and Security & IT.
- Serve as a primary day-to-day point of contact for internal stakeholders for FedRAMP evidence requests and compliance status updates; escalate risks and blockers to the VP, Federal Operations.
Skills, Knowledge and Expertise
- 3+ years of experience in cybersecurity compliance, GRC, or operating regulated cloud environments (FedRAMP, DoD IL, CJIS, HIPAA, PCI, ISO 27001/42001, or similar).
- Demonstrated experience executing continuous monitoring or recurring compliance reporting programs (monthly cadence preferred).
- Working knowledge of NIST SP 800-53 and FedRAMP concepts (POA&M management, SSP/ATO artifact structure, assessment evidence expectations).
- Experience coordinating vulnerability remediation tracking and translating technical findings into compliance artifacts (tickets, evidence, milestones, risk language).
- Strong project management and organizational skills; ability to manage multiple deadlines and stakeholder inputs.
- Excellent communication skills for producing audit-ready narratives, status reports, and executive summaries.
- Comfort working with technical teams (Engineering, Security) to obtain evidence and validate remediation outcomes.
- Experience using common tooling for evidence and workflow tracking (Google Drive, Jira/Linear, spreadsheets, ticketing systems).
- Ability to manage confidential and sensitive cybersecurity information.
- Candidates must be able to meet the government security clearance requirements associated with this role.
Preferred Qualifications
- Direct experience supporting a FedRAMP Moderate/High authorization, annual 3PAO assessment, or agency ATO process.
- Experience with SecondFront/Game Warden or other FedRAMP-adjacent platforms and inherited-control models.
- Familiarity with vulnerability scanning, SIEM/log review concepts, and secure SDLC evidence (SAST/DAST, threat modeling).
- Experience with evidence automation or compliance engineering approaches (repeatable evidence packets, templates, control mapping).
- Relevant certifications (e.g., Security+, SSCP, CISSP Associate, CAP, CISA, PMP).
Benefits
- Medical, Dental, Vision, Short-Term Disability (STD) and Long-Term Disability (LTD) plans
- Flexible Spending Account (FSA) - Medical and Dependent Care
- Employee Assistance Program (EAP) and wellness programs
- 13 Paid Holidays
- Unlimited PTO
- Flexible work environment - 100% remote
- 401(k) plan
