FedRAMP Compliance Analyst

at  PTC INC

Our world is transforming, and PTC is leading the way. Our software brings the physical and digital worlds together, enabling companies to improve operations, create better products, and empower people in all aspects of their business.
Our people make all the difference in our success. Today, we are a global team of nearly 7,000 and our main objective is to create opportunities for our team members to explore, learn, and grow – all while seeing their ideas come to life and celebrating the differences that make us who we are and the work we do possible.

This role is critical in ensuring our compliance with FedRAMP requirements and maintaining PTC’s high standards of security. The successful candidate:

• will interpret compliance controls for security, product, and engineering teams to support the development and implementation of automation, while managing vulnerabilities, especially within the Continuous Monitoring (ConMon) domain
• will partner with internal and external stakeholders, including vendors and third-party assessment organizations (3PAOs), to ensure remediation is completed, controls are implemented and documented in accordance with FedRAMP compliance standards, and SLAs are met.

QUALIFICATIONS

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Minimum of 4-5 years of experience in information security, with a specific focus on FedRAMP compliance.
• Strong governance, risk and compliance experience and familiarity with cloud data security (NIST SP 800 Series, FedRAMP and DISA)
• Experience with technical documentation related to FIPS 199, NIST SP 800-53 REV 5, continuous monitoring, and POA&M management
• Experience with Wiz, Tenable Nessus, or similar CNAPP solutions
• Experience with logging and alerting solutions such as SumoLogic
• Specific experience working with cloud technologies such as AWS GovCloud, and/or Salesforce gov cloud and/or Azure Government
• Knowledge in AWS core services and Kubernetes
• Experience with scripting language such as Python
• Clearance: To comply with U.S. federal government security requirements, U.S. citizenship or Green Card is required, and your employment will be conditioned upon obtaining the Public Trust Verification.

SKILLS:

• Excellent verbal and written communication skills, with the ability to explain complex technical concepts to non-technical audiences.
• Ability to work independently and as part of a team, managing multiple tasks and projects simultaneously.
• Strong analytical and problem-solving skills.

ADDITIONAL QUALIFICATIONS

• Experience in automating security and compliance processes.
• Certifications: Security certifications such as CISSP, CISM, CISA, or equivalent.
• Additional relevant certifications, such as AWS Certified Security, Microsoft Certified: Azure Security Engineer
  PTC carefully considers a wide range of compensation factors, which include a candidate’s background and experience, in determining salary for a position. Compensation will vary based on these factors, but PTC anticipates the salary range for this position to be between $90,000 - $110,000 . The actual pay may be lower or higher depending on a candidate’s skills, qualifications, experience, and location and may also include the opportunity to earn a discretionary bonus. Additionally, every PTC employee has the opportunity to become a PTC shareholder through our employee share purchase program which allows employees to purchase discounted PTC stock and, for eligible roles, an equity grant. Subject to the terms and conditions of PTC’s benefits programs, employees may be eligible for medical, dental and vision insurance, paid time off and sick leave policies, tuition reimbursement, 401(k) contributions and employer match, flexible spending accounts, life insurance, disability coverage and a generous commuter subsidy.
  At PTC, we believe in the power of diverse ideas and perspectives. As a global company that values and respects all identities, cultures, and perspectives, we strive to create an inclusive PTC for ALL through an environment where everyone feels like they belong and are empowered to bring their true, authentic selves to work. Proud to be an Equal Opportunity and Affirmative Action Employer, we welcome applicants from all backgrounds and hire without regard to race, national origin, religion, age, color, ethnicity, ancestry, marital status, sex (including pregnancy), sexual orientation, gender identity, gender expression, genetic identity, disability, veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.
  Life at PTC is about more than working with today’s most cutting-edge technologies to transform the physical world. It’s about showing up as you are and working alongside some of today’s most talented industry leaders to transform the world around you.
  If you share our passion for problem-solving through innovation, you’ll likely become just as passionate about the PTC experience as we are. Are you ready to explore your next career move with us?
  We respect the privacy rights of individuals and are committed to handling Personal Information responsibly and in accordance with all applicable privacy and data protection laws. Review our Privacy Policy here .

WHAT YOU’LL DO

• Independently lead walkthroughs and manage projects, ensuring adherence to timelines and budgets
• Maintain documentation and perform continuous monitoring (Identify vulnerabilities and risks) of compliance with FedRAMP standards
• Assist with authorization packages, System Security Plans, and preparing for FedRAMP P-ATO assessments
• Collaborate with team members to help manage the continuous monitoring (ConMon) program, including internal and external reporting on vulnerabilities, tracking POA&Ms, and developing ConMon artifacts.
• Independently engage with stakeholders to see through the Plans of Actions and Milestones (POA&Ms), document deviation requests, file exceptions and prepare Annual Authorization reports to support continuous monitoring
• Provide detailed recommendations to mitigate risks leveraging the standard methods and any other ttp’s approved by the Federal Government/Agencies and best practices.
• Coordinate with internal stakeholder engineering teams to document security compliance control implementations for technical, management, and operational requirements.
• Collaborate with engineering teams to provide guidance on building FedRAMP compliant cloud architecture.
• Collaborate with external auditors during FedRAMP reviews and audits, providing precise and detailed responses.
• Configure and maintain security tools and monitoring technologies to ensure continuous FedRAMP compliance.
• Stay updated on the latest security threats, compliance trends, and changes in FedRAMP requirements.

This role is critical in ensuring our compliance with FedRAMP requirements and maintaining PTC’s high standards of security. The successful candidate:

• will interpret compliance controls for security, product, and engineering teams to support the development and implementation of automation, while managing vulnerabilities, especially within the Continuous Monitoring (ConMon) domain
• will partner with internal and external stakeholders, including vendors and third-party assessment organizations (3PAOs), to ensure remediation is completed, controls are implemented and documented in accordance with FedRAMP compliance standards, and SLAs are met