Security Engineer
United States
Full Time
5 days ago
$110,316 - $155,563 USD
Key skills
CloudSDLCCommunicationPresentation SkillsPenetration TestingCloud Security
About this role
Role Overview
- Lead end to end System Security & Privacy Plan (SSP/SSPP) development, maintenance, and updates for enterprise systems.
- Drive remediation activities through POA&M management, ensuring timely closure of compliance gaps.
- Translate penetration testing and vulnerability findings into actionable remediation work items (EPICs/user stories).
- Coordinate with application, infrastructure, and security teams to validate remediation through re-testing and evidence.
- Oversee risk-based vulnerability management, including prioritization and SLA-driven remediation.
- Provide governance oversight for endpoint protection, web application security, and cloud security controls.
- Produce assessor ready documentation, including configurations, monitoring evidence, approvals, and incident traceability.
- Support continuous audit readiness and reduce repeat findings through disciplined governance and documentation practices.
- Other duties as assigned.
Requirements
- 12 years of experience with Governance, Risk, and Compliance (GRC), Enterprise Security and Security Architecture, Vulnerability Management and Penetration Testing, Cloud Security and hybrid environments.
- 10 years of proven experience owning SSP development end to end.
- 10 years of Hands on experience with CMS MARS E v2.2 or comparable federal/state security frameworks.
- 10 years of strong expertise in: Control implementation documentation, Audit evidence collection and validation, POA&M creation, tracking, and remediation management.
- 8 years of experience with the ability to translate technical security issues into compliance aligned remediation actions.
- 8 years of experience as a strong stakeholder with management skills across security, infrastructure, and application teams.
- 8 years of excellent written and verbal communication skills.
- 8 years of knowledge of NIST 800 53, NIST RMF, and privacy controls.
- 8 years of knowledge of Secure SDLC and DevSecOps practices.
- Must be able to pass a background check.
- May require additional background checks as required by projects and/or clients at any time during employment.
- Exceptional interpersonal skills with the ability to communicate in a clear, professional, and articulate manner.
- Exceptional verbal and written communication skills.
- Possesses effective presentation skills.
- Excellent organizational, analytical, and problem-solving skills with high-level attention to detail.
- Proven ability to multitask and prioritize in a fast past environment with changing priorities; adaptable to change and a quick learner.
- Must be self-motivated and able to work well independently as well as on a multi-functional team.
- Ability to handle sensitive and confidential information appropriately.
- Proficient in MS Office, Word, Outlook, PowerPoint, and Excel.
Tech Stack
- Cloud
- SDLC
Benefits
- Medical, Dental and Vision Insurance
- Wellness Program
- Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
- Short-Term and Long-Term Disability options
- Basic Life and AD&D Insurance (Company Provided)
- Voluntary Life and AD&D options
- 401(k) Retirement Savings Plan with matching after one year
- Paid Time Off