InfoSec Engineer - Compliance (ATO)

Vannevar is a defense technology company building AI to deter our adversaries.  In the 21st century, conflict moves at algorithmic speed and foresight equals firepower. Our agentic AI is purpose-built to compete with China—from cross-Strait conflict to gray zone coercion. Trained on the most mission-relevant datasets in defense, our technology models adversary behavior, simulates campaigns, and recommends the best course of action to decision makers. Our AI systems are some of the most trusted in the industry and actively used on the front lines of the Indo-Pacific to keep the peace and save lives. Exceptional technology starts with exceptional people. Vannevar is a small agile team combining world-class engineers with veteran strategists who bring deep expertise in defense and tradecraft. We’re building a company defined by mission impact, user empathy, and disciplined growth. In just three years, we grew from $3M to $80M in ARR, achieved early profitability, and reached unicorn status—proving that disruption doesn’t require an ego, and staying power doesn’t mean standing still. About the role Vannevar Labs is seeking an experienced Information Security Engineer to lead our IL-6 / IL-7 ATO (Authority to Operate) and follow-on compliance efforts. This role will be critical to unlocking our ability to deploy classified capabilities for defense and intelligence customers. You will serve as the dedicated technical leader responsible for achieving platform operation on classified networks, working directly with government ISSMs, AOs, and security stakeholders to navigate the RMF process and achieve ATOs across Navy, Joint, and COCOM user groups. What you’ll do Own and execute our strategy for how we approach ATOs across our customers. Lead the end-to-end ATO process for IL-6 (SIPR) and IL-7(JWICS) environments, through full authorization and follow-on compliance. Own RMF (Risk Management Framework) documentation and control implementation across multiple simultaneous ATOs Work with 3PAOs and federal government AOs to achieve compliance certifications and reports Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures • Serve as a liaison between system owners and other security personnel, ensuring that selected security controls are effectively implemented and maintained throughout the lifecycle of projects Interface directly with government ISSMs, AOs, and security stakeholders to manage authorization packages and navigate accreditation tools (XACTA, eMASS) Design and implement role-based access controls, data classification frameworks, and audit logging capabilities for classified environments Architect solutions for handling TS/SCI data with proper controls and separation that meet DoD requirements Ensure compliance with DISA STIGs, SRGs, NIST 800-53, and DoD hardening standards Build scalable systems and processes for managing ATOs across different customers and sponsors Coordinate with platform engineering teams on security roadmap priorities and technical implementation Manage relationships with government sponsors and identify opportunities to parallel-path authorization efforts Work closely with mission engineering teams deploying to classified environments and partner with compliance engineering on FedRAMP and CMMC efforts Brief executive leadership on ATO status, risks, and strategic decisions   What we’re looking for Must have personally led or been deeply involved in achieving ATOs or DISA provisional authorizations 5+ years in information security, with significant time in government/DoD compliance Direct experience with RMF, NIST 800-53, DISA STIGs, and IL-4/IL-5/IL-6/IL-7 environments Track record of working closely with government ISSMs, AOs, to navigate and expedite bureaucratic processes Experience with XACTA, eMASS, or similar government accreditation platforms Deep understanding of classified network architectures (SIPR, JWICS) Experience implementing RBAC, audit logging, and data classification systems Knowledge of cloud security in AWS GovCloud, Google Government, and Azure Government Familiarity with container security, Kubernetes/OpenShift in classified environments Understanding of cross-domain solutions and data transfer between classification levels Ability to navigate complex government processes and build relationships with government stakeholders Strong written communication for technical documentation and compliance artifacts Must hold an active  U.S. TS Security clearance with SCI Eligibility What we offer Comprehensive Benefits We’re proud to offer competitive benefits that support our employees. Some key highlights of our benefits package include: Health, dental, and vision insurance Remote friendly with WeWork access Unlimited PTO, shared downtime during the federal holiday calendar, and company-wide off time at the end of each year 401(k) ma