FedRAMP Technical Compliance Analyst II

Medallia, Inc.
$100,000 - $146,000
parental leave, paid holidays, 401(k)
United States, Virginia, McLean
1765 Greensboro Station Place
Feb 05, 2026
Overview

Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the management of experiences, insights, and actions for candidates, customers, employees, patients, and residents alike.

We believe that every experience is a memory that can last a lifetime. Experiences shape the way people feel about a company. And they greatly influence how likely people are to advocate, contribute, and stay. At Medallia, we are committed to creating a world where organizations are loved by their customers and their employees.

We empower exceptional people to create extraordinary experiences together.

Bring your whole self.

The Role and Team

The FedRAMP Senior Technical Compliance Analyst is a Public Sector compliance (NIST, FedRAMP, CMMC, FISMA, DoD SRG, 20X, etc.) subject matter expert who will own the FedRAMP RMF lifecycle. This role is focused on maintaining FedRAMP compliance across multiple FedRAMP certifications. You will conduct and own efforts for FedRAMP audits, continuous monitoring (ConMon), change management, and FedRAMP documentation updates and management. This role will also manage contract RFP reviews for FedRAMP compliance and support customer requests for ATO documentation.

What does success look like for this role? Sustaining multiple FedRAMP authorizations as part of the Medallia PubSec team while bridging the gap between compliance and technical.


Responsibilities

  • Own the FedRAMP RMF lifecycle, including defining/maintaining the authorization boundary, driving control implementation evidence, writing and reviewing the System Security Plan (SSP), and managing System Assessment Plan (SAP)/System Assessment Report (SAR), Plan of Action & Milestones (POA&M), and Continuous Monitoring submissions
  • Author and maintain security and compliance policies, standards, and procedures, aligning with NIST 800-53r5 and organizational standards
  • Drive vulnerability management, including vulnerability scanning, patching cadence enforcement, and tracking remediation
  • Liaise with external FedRAMP advisors/3PAO and authorizing stakeholders, coordinating requests, and resolving findings
  • Collaborate with Security (GRC/ProdSec/SecOps), Cloud Engineering/SRE, and IT teams to operationalize NIST 800-53 Rev. 5 controls and ensure traceable evidence

Candidates based in the Tysons vicinity will be prioritized as this role is Hybrid, 3 days per week onsite.


Qualifications

Minimum Qualifications

  • US Citizen / US Resident
  • 3 years of experience working in the cyber security / information security / compliance domain (FISMA, FedRAMP, DoD, etc.)
  • FedRAMP compliance management experience
  • FedRAMP NIST 800-53 controls implementation experience
  • Experience with vulnerability management ownership

Preferred Qualifications

  • Experience with Incident Response and Contingency Planning
  • Knowledge of Python, Bash, Kubernetes
  • Experience with FedRAMP GRC Tools

Medallia is committed to equal pay and transparency. The annual base salary range for this position is $100,000 - $146,000. Please note that the salary range information provided is a general guideline and combines all of the distinct labor markets within the US. It is uncommon for an individual to be hired at or near the top of the range for their role, and compensation decisions are dependent on a variety of factors. Medallia considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, candidate's work location, education/training, key skills, internal peer equity, external market data, as well as market and business considerations when making compensation decisions.

Medallia also offers competitive health and wellness benefits, including but not limited to medical, dental, vision, 401(k), short-term and long-term disability, life and AD&D insurance, statutory leaves, paid parental leave, and paid holidays. Benefits and eligibility may vary by location and role.

At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age (40 and over), disability, genetic information, veteran status or military service, or any other status protected by state or local law. Individuals with a disability who need an accommodation to apply, please contact us at ApplicantAccessibility@medallia.com. For information regarding how Medallia collects and uses personal information, please review our Privacy Policies. Applications will be accepted for 30 days from the date this role was posted or until the role has been filled.
