Grant Street GroupRemote
Security & Compliance Engineer
United States
Full Time
3 hours ago
$100,000 - $160,000 USD
No Visa Sponsorship
Key skills
AWSCloudLinuxPythonBashPowerShellIAMCommunication
About this role
Role Overview
- Support the day-to-day security posture of systems and services across cloud and on-prem environments.
- Review vulnerability findings from scanners, penetration tests, and other assessments, and help drive remediation to closure.
- Partner with infrastructure, platform, and engineering teams on secure configuration, access control, logging, monitoring, and incident readiness.
- Support compliance and assessment activities related to GovRAMP/FedRAMP, PCI DSS, internal reviews, and third-party examinations.
- Use AWS security tooling effectively, support day-to-day security processes, and help translate security and compliance requirements into practical, durable operational outcomes.
- Maintain documentation, procedures, and other operational artifacts so they stay aligned with the environment and current control expectations.
Requirements
- 3+ years of experience in security engineering, security operations, infrastructure security, or security compliance.
- Hands-on experience working in Linux-based production environments and securing Linux systems.
- Experience securing AWS environments and using services such as IAM, CloudTrail, GuardDuty, Security Hub, Config, Inspector, and KMS.
- Working knowledge of vulnerability management, configuration management, logging, monitoring, access control, and incident response practices.
- Scripting experience in Python, Bash, PowerShell, or similar for automation, security operations, and reporting tasks.
- Strong written and verbal communication skills, with the ability to move issues from discovery through remediation across multiple teams.
- Experience supporting regulated or highly audited environments is a plus.
- Familiarity with GovRAMP, FedRAMP, PCI DSS, SOC examinations, or similar frameworks is a plus.
- Experience reviewing scanner output, penetration test findings, or security monitoring alerts and helping drive remediation is a plus.
- Familiarity with POA&M tracking, exception handling, and remediation coordination is a plus.
- Experience working across both cloud and legacy infrastructure is a plus.
Tech Stack
- AWS
- Cloud
- Linux
- Python
Benefits
- minimal travel: typically 2-3 weeks per year for on-site meetings
- technology-rich work environment