xelys jobs

Sr. DevSecOps Engineer (US)

Craft.co

senior | permanent | devops | security | United States | 3 days ago via LinkedIn

Tags

FedRAMP, NIST 800-53 Rev. 5, AWS GovCloud, DevSecOps, CI/CD, Secrets Management, Compliance Automation, Threat Modeling, Security Architecture, Audit Evidence

About the role

Role Overview

Craft is seeking a Sr. DevSecOps Engineer (US) to lead a strategically important initiative: establishing a FedRAMP-authorized cloud environment. You’ll define a secure boundary and harden Craft’s existing cloud platform to support FedRAMP authorization at Moderate and High impact levels with alignment to DoW IL2 and IL5 requirements.

Responsibilities

  • Own and lead FedRAMP readiness day-to-day: define the roadmap, drive execution, and manage the ATO timeline.
  • Design and implement AWS GovCloud architecture to meet FedRAMP Moderate and High requirements.
  • Translate NIST 800-53 Rev. 5 controls into concrete, auditable, continuously enforced technical implementations.
  • Build and maintain compliance automation tooling to continuously validate control adherence and reduce manual audit effort.
  • Develop secure CI/CD pipelines with integrated security gates, secrets management, and FedRAMP-appropriate deployment controls.
  • Author and maintain compliance artifacts, including System Security Plans (SSPs), control implementation statements, and audit evidence packages.
  • Support auditors and 3PAOs through assessment cycles.
  • Conduct threat modeling, risk assessments, and security architecture reviews.
  • Embed FedRAMP controls across the engineering lifecycle and partner with full-stack, data, and ML teams for scalable adoption.
  • Serve as the internal SME for FedRAMP and NIST 800-53, upskilling the broader team.

Requirements

  • Hands-on FedRAMP ATO experience (you have been through the process).
  • Strong working knowledge of NIST 800-53 Rev. 5 and implementing controls technically.
  • Deep hands-on experience securing AWS environments.

Nice-to-haves

  • Experience specifically with FedRAMP Moderate/High implementations and continuous compliance automation.
  • Familiarity with DoD cloud requirements such as IL2/IL5 alignment (via DoW).

About Craft.co

Craft.co provides supplier risk intelligence for enterprises, helping customers discover, evaluate, and continuously monitor suppliers at scale. It combines AI research and monitoring agents with a proprietary data platform to support faster, strategically secure decision-making across critical supply chains. The company serves Fortune 500 organizations, government agencies, and global service platforms.

Scraped 4/19/2026
