US Public Sector Continuous Monitoring Analyst

Job Description:

  • Support continuous monitoring (ConMon) activities for Rapid7’s US Public Sector compliance programs, with a primary focus on FedRAMP and GovRAMP
  • Assist in managing Plans of Action & Milestones (POA&Ms), including tracking remediation progress, timelines, and risk ownership
  • Help analyze security findings, vulnerability results, and control deficiencies in partnership with Engineering and Security teams
  • Support technical evidence collection aligned to NIST 800-53 rev. 5 and NIST 800-171
  • Use ATO-focused GRC platforms such as Paramify, ServiceNow GRC, Onspring, RegScale, and DefectDojo to track findings, risks, and compliance status
  • Participate in discussions with engineers to understand control implementations, technical risks, and remediation approaches
  • Assist with preparation of ConMon deliverables (POA&M, deviation requests, inventory workbook)
  • Help improve POA&M and ConMon processes through standardization, automation, and improved data quality
  • Gain hands-on exposure to evolving requirements such as CMMC, new Executive Orders, and other US public sector cybersecurity initiatives

Requirements:

  • 2-5 years of experience (or equivalent academic/internship experience) in cybersecurity, cloud security, compliance, or risk management
  • Foundational knowledge of NIST 800-53 and/or NIST 800-171
  • Interest in vulnerability management, risk remediation, and continuous monitoring
  • Experience or familiarity with ATO-focused GRC platforms such as Paramify, ServiceNow GRC, Onspring, or RegScale
  • Ability to understand and document technical security issues and risks
  • Strong analytical skills and attention to detail
  • Clear written and verbal communication skills
  • A curious, collaborative mindset and eagerness to learn

Benefits:
