Knexus has been delivering AI solutions to the government for over 20 years. Getting our tech into the hands of government operators requires navigating complex security landscapes. We are looking for an ATO Warrior-a technical compliance expert who bridges the gap between federal security requirements and modern software development.
-
Position Type: Full-Time, Individual Contributor (No direct reports)
-
Location: 100% Remote (US-Based)
-
Clearance: Must be a US Citizen with the ability to obtain and maintain a federal security clearance.
-
#1 Experience Ask: Direct and technical ATO experience with the federal government
We don't need an Infrastructure Engineer to write code, nor do we need a rigid auditor who just says "no." We need a Technical ISSO/ISSP who loves the challenge of the Authority to Operate (ATO) process. You will own our compliance paperwork, navigate NIST frameworks, and act as a consultative partner to our engineering team-showing them exactly how to adjust our software to clear federal hurdles.
What You'll Do (Responsibilities)
-
Own the ATO Process: Drive the end-to-end Risk Management Framework (RMF) and ATO/cATO processes to get our cloud-based software approved for government use.
-
Translate Compliance to Code: Work hand-in-hand with our development team. You won't be writing the code or taking coding tests, but you must be able to translate complex NIST SP 800-53 controls and DISA STIG requirements into precise, actionable technical instructions for developers.
-
Conquer the Paperwork: Author, update, and maintain critical compliance artifacts, including System Security Plans (SSP), POAMs, and continuous monitoring documentation.
-
Multi-Cloud Vigilance: Ensure our software architecture meets rigorous compliance baselines across various cloud environments (including AWS, Azure, and GCP).
-
Be the Security Liaison: Serve as the primary technical point of contact for external government assessors, ISSMs, and internal engineering stakeholders.
What You Bring (Qualifications)
-
Direct ATO Experience: Proven track record of successfully guiding commercial SaaS or cloud-based software through the federal ATO, cATO, or FedRAMP authorization processes. Prior success as an ISSO or Information System Security Professional (ISSP).
-
The "Developer Whisperer" Mindset: Strong technical literacy. You must be comfortable digging into the details of cloud architecture and containerization so you can give developers hyper-specific remediation steps, not generic compliance checklists.
-
Framework Fluency: Deep, hands-on familiarity with NIST frameworks (800-53, 800-37) and DISA STIGs.
-
Cloud Agnostic Awareness: Solid understanding of security best practices within major cloud providers (AWS, Azure, and GCP).
-
Industry Credentials: Possession of (or immediate eligibility for) standard DoD 8570/8140 IAM/IAT certifications, such as CISSP, Security+, CISM, or equivalent ISSP/ISSM aligned baselines.
-
Autonomous Drive: Exceptional organizational skills to handle heavy documentation loads independently in a fully remote environment.
Why Knexus?
-
100% Remote Culture: Work from anywhere in the United States with a team that values output over facetime.
-
Mission-Driven Impact: Your work directly unblocks critical software, ensuring it reaches the government users who need it most.