We're in the process of moving to GovCloud, but that's a relatively small part of the overall compliance...fun...that goes into getting a service FedRAMP-approved.
That's a bit out of our control. We are able to hire quickly because we use a "specialist" hiring authority, but that comes with downsides like what you describe. I'm a developer and am making more than I did at any previous job, if that helps.
The way we operate is that agencies come to us to do projects (or we initiate shared services like cloud.gov), so we don't exactly get to pick anything we want. That being said, there is a lot of freedom within the projects we have to work on things that interest you.
It was enough of a problem that the reaction was to probably take it down and take a hard look at everything before being it back up. Maybe a hosted rocket.chat will be the replacement to allow them more granular control over security.
Those teams definitely exist in agencies (GSA included), but we (18F) are managing ATOs internally for our projects, and are working on tooling to clarify, simplify, and automate the process. https://github.com/18F/control-masonry/ is our first project around this.
I am not sure about medium-risk public trust positions, but for high-risk public trust positions (think access to PII, social security # type stuff) they require an in depth personal history, including a meet and greet with an investigator (usually ex-law enforcement, so I was told).
Protip: Contractor or FTE, make sure you specifically ask HR whether or not there will be an additional screening, and whether or not it is a 'public-trust' position and what level that would be following your hiring.
I was pretty miffed when 'they' told me after the fact that my position required an additional background check and that my continued employment would be predicated on the outcome.
