US Public Sector Compliance Analyst

• Support day-to-day activities for Rapid7's US Public Sector compliance programs with a primary focus on FedRAMP
• Assist in maintaining compliance documentation including policies procedures system security plans (SSPs) authorization artifacts and supporting evidence
• Support continuous monitoring (ConMon) activities including ongoing evidence collection and reporting
• Assist in managing Plans of Action & Milestones (POA&Ms) including tracking remediation progress timelines and risk ownership
• Track and support control implementation aligned to NIST 800-53 rev. 5 and NIST 800-171
• Use ATO-focused GRC platforms such as Paramify ServiceNow GRC Onspring or RegScale to manage compliance status risks and findings
• Partner with Engineering and Security teams to understand technical control implementations vulnerabilities and remediation plans
• Support audit and assessment readiness activities including ATO packages and regulatory reporting
• Assist with vendor reviews including Control Implementation Summaries (CIS) and Customer Responsibility Matrices (CRM)
• Help identify opportunities to improve GRC POA&M and ConMon processes through standardization automation and improved data quality
• Gain hands-on exposure to evolving requirements such as CMMC new Executive Orders and emerging US public sector cybersecurity initiatives

• 2-5 years of experience (or equivalent academic internship or early-career experience) in cybersecurity risk compliance governance or cloud security
  (Candidates with slightly more experience are welcome to apply)
• Foundational knowledge of NIST 800-53 and/or NIST 800-171
• Interest in US Government and SLED cybersecurity programs (FedRAMP GovRAMP StateRAMP)
• Experience or familiarity with ATO-focused GRC platforms such as Paramify ServiceNow GRC Onspring or RegScale
• Ability to understand and document both policy-based and technical security controls
• Strong analytical skills attention to detail and comfort working with structured documentation
• Clear written and verbal communication skills
• A curious collaborative mindset and eagerness to learn

• Exposure to AWS or cloud-based environments
• Familiarity with vulnerability management security scanning or cloud security concepts
• Experience or interest in POA&M workflows continuous monitoring or risk remediation
• Familiarity with frameworks such as FISMA CMMC StateRAMP or ISO 27001
• Interest in compliance automation OSCAL or policy-as-code approaches
• Early-career certifications or coursework in cybersecurity cloud security or information assurance

What We Do

At Rapid7 our vision is to create a secure digital world for our customers our industry and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome. Protecting 11000+ customers against bad actors and threats means we’re continuing to push the envelope - just like we’ve been doing for the past 20 years. If you’re ready to solve some of the toughest challenges in cybersecurity we’re ready to help you take command of your career. Join us.

Why Work With Us

With our products research and open source communities we’re building a secure digital future for everyone. This means constantly learning and evolving in an industry that’s anything but stagnant. You’ll be faced with tough challenges and given the support to find creative solutions that drive our business and your career forward.

Gallery