Coralogix

Senior FedRAMP Compliance Analyst

Posted 15 Days Ago
In-Office or Remote
Hiring Remotely in Boston, MA
Senior level
Lead the FedRAMP compliance project, manage documentation, coordinate audits, assess controls, implement security measures, and communicate compliance requirements.
The summary above was generated by AI
Description

Coralogix is a modern, full-stack observability platform transforming how businesses process and understand their data. Our unique architecture powers in-stream analytics without reliance on expensive indexing or hot storage. We specialize in comprehensive monitoring of logs, metrics, traces, and security events with features such as APM, RUM, SIEM, Kubernetes monitoring, AI Observability and more, all enhancing operational efficiency and reducing observability spending by up to 70%.

Coralogix is seeking a Senior Compliance Analyst for our FedRAMP compliance program. You will ensure our SaaS meets federal security standards and advance us from FedRAMP Ready to Authorized, partnering with our agency sponsor as we enter audit. Responsibilities include governing established documentation (such as our SSP), coordinating evidence with platform engineering, and collaborating with advisors, auditors, and the 3PAO to drive successful assessments and renewals. This is a full-time position, ideal for a seasoned compliance professional with deep knowledge of NIST SP 800-53 controls and FedRAMP requirements. You will have 5+ years leading ATOs for cloud services, guiding engineering teams from planning through continuous monitoring and acting as our liaison to the FedRAMP Agency and PMO to resolve questions and ensure compliance.

Key Responsibilities & Duties

·      Lead FedRAMP Compliance Project: Oversee the FedRAMP Moderate authorization audit, conducting internal compliance reviews and managing cross-functional efforts to meet project timelines and milestones.

·      Documentation Management: Prepare, review, and update all required FedRAMP security documentation - including the System Security Plan (SSP), Plan of Action & Milestones (POA&M), Security Assessment Plan/Report (SAP/SAR), and related artifacts - ensuring they remain complete and compliant.

·      Controls Assessment: Map and analyze current security controls against the FedRAMP Moderate baseline and NIST SP 800-53 framework to identify gaps and remediation needs. Provide guidance to remediate any gaps and implement required controls.

·      Implement & Monitor Controls: Assist in implementing and monitoring security controls for the FedRAMP environment, and coordinate the continuous monitoring processes to maintain compliance. This includes working closely with DevOps and SecOps teams in overseeing vulnerability scanning, patch management cadence, and other Continuous Monitoring activities.

·      Cross-Functional Coordination: Coordinate with internal teams (DevOps, IT, etc.) to ensure FedRAMP security requirements are integrated into system design, development, and operations. Educate and guide technical teams on FedRAMP controls and best practices for cloud architecture security.

·      Audit Liaison: Serve as the primary liaison with external parties during the FedRAMP assessment. Interface with the Third-Party Assessment Organization (3PAO), the sponsoring agency, and FedRAMP advisors/auditors, scheduling audit activities, providing evidence, and addressing any findings to ensure successful assessments.

·      POA&M Coordination: Coordinate with SecOps on the Plans of Action and Milestones (POA&Ms) resulting from security assessments, driving remediation efforts to closure within agreed timelines. Ensure timely resolution of any compliance and security gaps.

·      Reporting & Risk Communication: Communicate identified risks and mitigation plans clearly, and prepare materials for FedRAMP project reviews, audits, and annual assessments as needed.

·      Continuous Improvement: Stay up-to-date with changes in FedRAMP requirements, NIST guidelines, and emerging security threats. Continuously evaluate and recommend improvements to our security controls and processes to maintain FedRAMP compliance and overall security posture.


Requirements

·      Experience: 5+ years of experience in security compliance or risk management (or equivalent experience), including direct FedRAMP compliance experience.

·      Education & Experience: Strong consideration given to a Bachelor’s degree in Information Security, Computer Science, or a related field.

·      FedRAMP & NIST Expertise: In-depth knowledge of FedRAMP baseline requirements and the NIST SP 800-53 control framework. Familiarity with FedRAMP’s authorization process and federal information security standards (FISMA) is expected.

·      FedRAMP Audit Experience: Proven experience leading or playing a major role in a FedRAMP Authorization to Operate (ATO) process or FedRAMP security assessment, including preparation of agency audit packages. Hands-on involvement with FedRAMP audits.

·      Cloud Environment Familiarity: Experience working with cloud infrastructure and SaaS environments (especially government cloud platforms such as AWS GovCloud or Azure Government) and implementing security controls in cloud architectures. Knowledge of secure cloud configurations and technologies (e.g., virtualization, containerization, encryption, network security in cloud) is important.

·      Certifications: At least one professional certification such as CISSP, CISM, CGRC, or CompTIA Cloud+ (or other cloud/security certifications).

·      Communication & Collaboration: Excellent written and verbal communication skills, with an ability to collaborate effectively with cross-functional teams and convey compliance requirements to both technical and non-technical stakeholders. Experience governing policy documents and presenting security findings or status to leadership is valuable.

·      Analytical Skills: Strong analytical and problem-solving abilities, with keen attention to detail. Able to work independently, manage multiple priorities and deadlines in a fast-paced environment, and maintain a proactive, self-driven approach to meeting compliance objectives.

  • Ability to work from the Boston HQ 2-3 days per week (required)

Cultural Fit

We’re seeking candidates who are hungry, humble, and smart. Coralogix fosters a culture of innovation and continuous learning, where team members are encouraged to challenge the status quo and contribute to our shared mission. If you thrive in dynamic environments and are eager to shape the future of observability solutions, we’d love to hear from you.

Coralogix is an equal-opportunity employer and encourages applicants from all backgrounds to apply.


Top Skills

AWS GovCloud
Azure Government
Cloud Security
Documentation Management
FedRAMP
NIST SP 800-53
Patch Management
Vulnerability Scanning
