InfoSec Engineer - Compliance (ATO)

Vannevar Labs is seeking an experienced Information Security Engineer to lead our IL-6 / IL-7 ATO (Authority to Operate) and follow-on compliance efforts. This role will be critical to unlocking our ability to deploy classified capabilities for defense and intelligence customers. You will serve as the dedicated technical leader responsible for achieving platform operation on classified networks, working directly with government ISSMs, AOs, and security stakeholders to navigate the RMF process and achieve ATOs across Navy, Joint, and COCOM user groups.

• Own and execute our strategy for how we approach ATOs across our customers.
• Lead the end-to-end ATO process for IL-6 (SIPR) and IL-7(JWICS) environments, through full authorization and follow-on compliance.
• Own RMF (Risk Management Framework) documentation and control implementation across multiple simultaneous ATOs
• Work with 3PAOs and federal government AOs to achieve compliance certifications and reports
• Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures • Serve as a liaison between system owners and other security personnel, ensuring that selected security controls are effectively implemented and maintained throughout the lifecycle of projects
• Interface directly with government ISSMs, AOs, and security stakeholders to manage authorization packages and navigate accreditation tools (XACTA, eMASS)
• Design and implement role-based access controls, data classification frameworks, and audit logging capabilities for classified environments
• Architect solutions for handling TS/SCI data with proper controls and separation that meet DoD requirements
• Ensure compliance with DISA STIGs, SRGs, NIST 800-53, and DoD hardening standards
• Build scalable systems and processes for managing ATOs across different customers and sponsors
• Coordinate with platform engineering teams on security roadmap priorities and technical implementation
• Manage relationships with government sponsors and identify opportunities to parallel-path authorization efforts
• Work closely with mission engineering teams deploying to classified environments and partner with compliance engineering on FedRAMP and CMMC efforts
• Brief executive leadership on ATO status, risks, and strategic decisions

• Must have personally led or been deeply involved in achieving ATOs or DISA provisional authorizations
• 5+ years in information security, with significant time in government/DoD compliance
• Direct experience with RMF, NIST 800-53, DISA STIGs, and IL-4/IL-5/IL-6/IL-7 environments
• Track record of working closely with government ISSMs, AOs, to navigate and expedite bureaucratic processes
• Experience with XACTA, eMASS, or similar government accreditation platforms
• Deep understanding of classified network architectures (SIPR, JWICS)
• Experience implementing RBAC, audit logging, and data classification systems
• Knowledge of cloud security in AWS GovCloud, Google Government, and Azure Government
• Familiarity with container security, Kubernetes/OpenShift in classified environments
• Understanding of cross-domain solutions and data transfer between classification levels
• Ability to navigate complex government processes and build relationships with government stakeholders
• Strong written communication for technical documentation and compliance artifacts
• Must hold an active U.S. TS Security clearance with SCI Eligibility

• Health, dental, and vision insurance
• Remote friendly with WeWork access
• Unlimited PTO, shared downtime during the federal holiday calendar, and company-wide off time at the end of each year
• 401(k) match
• Lifestyle & wellbeing stipends
• Salary top-up during military reserve duty
• Fully paid parental leave
• Child and pet care reimbursement during travel