Security Authorization Specialist

About the Role

Second Front Systems (2F) is seeking an ambitious, highly autonomous, and detail-driven Security Authorization Specialist to join our mission-driven team. We are a dynamic, fast-growing entrepreneurial company at the intersection of cutting-edge technology and national security, committed to delivering transformative solutions that empower our nation’s defenders. This is an opportunity to play a leadership role in the security, trust posture, and operational execution of a company that is redefining how software is delivered and secured in the defense sector.

At 2F, we thrive on innovation and purpose, combining a startup’s agility with a clear mission to support national security. As a Security Authorization Specialist, you will be the primary engine driving the authorization work behind the deployment and scaling of our revolutionary Game Warden platform—an industry-leading tool that is accelerating the secure adoption of mission-critical SaaS solutions for the U.S. government. If you’re ready to own complex compliance work streams, guide technical teams, and make a measurable impact on national security, we want to hear from you.

The Security Authorization Specialist will fully own the technical implementation and documentation work streams that keep Game Warden authorized across FedRAMP and related US agency ATO programs. You will lead the authoring of control narratives, build and maintain rigorous authorization evidence, and drive continuous monitoring so our authorizations remain unassailable.

Note: This role requires U.S. citizenship due to government contract requirements. Additionally, candidates must reside in one of our approved hiring hubs: DC/MD/VA | Raleigh/Durham/Chapel Hill, NC | Denver/Colorado Springs, CO | Dallas/Fort Worth, TX.

What You’ll Do (Scope of Responsibility)

• Lead Authorization Work streams: Independently drive the end-to-end authorization lifecycle for Game Warden across FedRAMP and US agency ATO packages, managing initial authorizations, annual assessments, and significant change requests.

• Artifact Ownership: Author, refine, and maintain high-quality System Security Plans (SSPs), control implementation narratives, Plans of Action & Milestones (POA&Ms), and supporting authorization artifacts. Ensure everything accurately reflects our modern cloud architecture, controls, and operating reality.

• Proactive Continuous Monitoring: Manage day-to-day continuous monitoring activities, including monthly POA&M updates, vulnerability and patch reporting, significant change reviews, and annual control assessments. Drive findings and control gaps to closure with engineering teams.

• Technical Point of Contact: Serve as the primary front-line technical point of contact for 3PAOs, agency reviewers, and sponsor authorization officials during assessments, readiness reviews, and audits.

• Engineering Partnership: Partner closely with Product, Engineering, Security Operations, and Cybersecurity Assessment teams to map complex cloud-native controls to FedRAMP and NIST 800-53 requirements, ensuring defensible evidence collection.

• Translate Policy to Tech: Act as a bridge between compliance and engineering. Translate dense regulatory requirements into clear, actionable, technical guidance that developers can actually implement.

• Leverage GRC Automation: Utilize and help optimize our GRC and evidence automation tooling to streamline control mapping and evidence collection. Write basic scripts or queries (e.g., Python, Bash, SQL, simple API calls) to automate repetitive compliance tasks and save the team time.

• Process Evolution: Contribute to the continuous improvement of 2F’s authorization processes, tooling, and evidence workflows as we scale our portfolio across frameworks and environments.

Skills You’ll Bring to Our Team

• Experience: 7+ years of experience in security compliance, cybersecurity authorization, or GRC work, with deep, hands-on experience driving FedRAMP Moderate/High or DoD Impact Level packages.

• Framework Expertise: Strong, practical working knowledge of NIST 800-53 (Rev 4/5), NIST 800-37 (RMF), and FedRAMP-specific guidance and templates.

• Cloud Architecture Literacy: Solid understanding of modern cloud environments and how cloud-native patterns (AWS services, containers, Kubernetes, CI/CD pipelines) map to technical controls.

• Assessment Track Record: Proven success supporting 3PAO assessments, annual reviews, or agency ATO efforts from the vendor or integrator side.

• Communication: Exceptional written communication skills; a proven ability to produce assessor-ready technical documentation and clear control narratives.

• Clearance & Certifications:

  • Active U.S. Top Secret (TS) security clearance required; eligibility for access to Sensitive Compartmented Information (SCI) required.

  • Active professional security certification such as CISSP, CISM, or Security+.

Preferred Qualifications

• DoD Authorizations: Hands-on experience with DoD IL4/IL5 authorizations, DISA Cloud Computing SRG, or agency-specific ATO processes.

• GRC Tooling: Experience with modern GRC and evidence automation platforms (e.g., Drata, Xacta, RegScale, or similar), including configuring integrations and building reusable evidence workflows.

• Compliance-as-Code: Exposure to infrastructure-as-code (Terraform) and cloud-native observability tooling in support of automated, continuous control evidence.

• Mission Focused: Prior experience working in cleared or classified environments with government authorization stakeholders, and a strong interest in matters of national security.

Compensation

The expected base salary range for this role is $119,000 – $160,000. Final compensation will be based on factors such as experience, skills, level, and geographic location. This role may also be eligible for discretionary bonuses and equity grants as part of the total compensation package.

Success at 2F Looks Like:

• Viewing obstacles as opportunities for growth

   

• Having a bias toward action and tangible, measurable results

   

• Striving to be both compassionate and direct with your feedback

   

• Being team-oriented and inclusive with your actions

   

Perks & Benefits

As a public benefit corporation, we’re a team of purpose-driven trailblazers transforming the future of U.S. national security. We hire the best to do their best and, as such, we are committed to providing the perks and benefits you need to be successful—both in- and outside the workplace.

We offer you:

• Competitive Salary

• 100% Healthcare, vision and dental coverage

• 401(k) + 3% company contribution

• Equity incentive plan

• Tech + office supplies stipend

• Annual professional development stipend

• Flexible paid time off + federal holidays off

• Parental leave

• Work from anywhere

• Referral Bonus

Who We Are

Second Front Systems (2F) is a public-benefit software company powering software for the free world. We eliminate the friction that slows innovation, enabling faster, more secure development and deployment of software across government and regulated networks. Built by national security veterans and backed by top-tier venture capital, our platform is trusted by the world’s leading organizations to cut deployment timelines from years to weeks. We move fast, solve hard problems, and deliver trusted capabilities where they’re needed most. Our work strengthens global security and gives the United States and its allies a lasting competitive advantage. Learn more at secondfront.com.

One Last Thing...

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.

This position will remain open until filled, and applications will be reviewed on a rolling basis.

State Notices

Colorado:

In accordance with Colorado law, applicants may redact their date of birth, dates of attendance, and dates of graduation from any uploaded documents.

Maryland:

UNDER MARYLAND LAW, AN EMPLOYER MAY NOT REQUIRE OR DEMAND, AS A CONDITION OF EMPLOYMENT, PROSPECTIVE EMPLOYMENT, OR CONTINUED EMPLOYMENT, THAT AN INDIVIDUAL SUBMIT TO OR TAKE A POLYGRAPH EXAMINATION OR SIMILAR TEST. AN EMPLOYER WHO VIOLATES THIS LAW IS GUILTY OF A MISDEMEANOR AND SUBJECT TO A FINE NOT EXCEEDING $100.