Compliance & Policy Analyst - Agentic AI

Peraton Labs is seeking a Compliance & Policy Analyst to help establish, maintain, and mature the written compliance posture of our Agentic AI platform environment. This individual will play a critical role in ensuring our documented security and compliance artifacts accurately reflect the infrastructure, controls, and operational realities of the platform.

 

This role will own the development and maintenance of core compliance documentation, including System Security Plans (SSPs), supporting policies and standard operating procedures, POA&M management, and audit evidence coordination. The ideal candidate is highly detail-oriented, strong in policy and control documentation, and comfortable working closely with platform and security engineers to translate technical implementation into clear, auditor-ready language.

 

This is a high-trust role at the intersection of compliance, policy, and platform execution. The right candidate will serve as the connective tissue between what is written, what is required, and what is actually built and operated.

 

Key responsibilities may include, but are not limited to:

• Own and maintain the written compliance posture of the Agentic AI platform
• Author, update, and evolve System Security Plans (SSPs) and related compliance artifacts in support of ATO and broader assessment efforts
• Develop additional SSPs and associated documentation required to support expanding authorization needs
• Build, organize, and maintain a comprehensive security policy and SOP library aligned to relevant control frameworks
• Manage POA&Ms, including documenting gaps, tracking remediation progress, and maintaining visibility into open items
• Coordinate and run evidence collection cycles in support of internal reviews, external assessments, and audit activities
• Serve as the primary compliance point of contact for internal auditors, external assessors, and compliance stakeholders
• Partner closely with platform, cloud, and security engineers to validate that documented control narratives accurately reflect implemented infrastructure and operational practices
• Review architecture diagrams, infrastructure-as-code, technical diagrams, and engineering documentation to ensure compliance materials remain accurate and defensible
• Help ensure consistency, traceability, and quality across all compliance documentation and supporting artifacts
• Identify documentation gaps, policy inconsistencies, or control narrative issues early and drive them to resolution
• Support the maturation of repeatable compliance processes that strengthen audit readiness over time

Required Qualifications

• Minimum of BS with 5+ years of experience, MS/PhD with 3+ years of experience in security compliance, GRC, cybersecurity policy, or related compliance-focused roles
• Deep hands-on experience authoring and maintaining System Security Plans (SSPs) aligned to NIST 800-171 and NIST 800-53
• Demonstrated experience supporting systems through ATO efforts, formal security assessments, and/or CMMC readiness activities
• Experience managing POA&Ms, coordination remediation tracking, and running structured evidence collection cycles
• Strong background serving as a primary point of contact for auditors, assessors, and compliance stakeholders
• Proven ability to build and maintain policy libraries, standards, and SOPs aligned to a formal control framework
• Ability to read and interpret architecture diagrams, infrastructure-as-code, and technical documentation well enough to validate that control narratives reflect implemented reality
• Working knowledge of AWS and cloud-native environments, including concepts such as EKS, IAM, logging, encryption, and cloud security controls
• Exceptional attention to detail, with the ability to identify vague, conflicting, or incomplete documentation and drive clarity
• Strong written communication skills, with the ability to translate technical implementation into concise, auditor-ready language
• US Citizenship is required for this position

 

Desired Qualifications

• Experience supporting CMMC Level 2 preparation, assessment, or sustainment activities
• Background contributing to FedRAMP or DoD ATO packages
• Experience working in highly technical cloud or platform environments where security controls must be mapped directly to operational systems
• Familiarity with evidence management, control traceability, and structured documentation practices in regulated environments
• Experience collaborating closely with cloud, DevSecOps, or platform engineering teams
• Ability to operate effectively in an environment where compliance maturity is actively being built and refined

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

$80,000 - $128,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.