Piper Companies is a fully remote cybersecurity and compliance services firm seeking a Continuous Monitoring Engineer. This role focuses on vulnerability management, compliance monitoring, and cloud security across various cloud environments.

Responsibilities:
- Manage the full POA&M lifecycle, including risk justifications and deviation requests
- Collect and maintain security evidence for monthly continuous monitoring (FedRAMP, HITRUST, PCI)
- Run and analyze vulnerability scans across OS, databases, web apps, and containers
- Identify false positives and prepare risk assessments for federal stakeholders
- Maintain system inventories and boundary documentation
- Support vulnerability tools (Tenable, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender)
- Collaborate with engineering and SRE teams to integrate scanning into CI/CD pipelines
- Track remediation activities and coordinate timelines with technical teams
- Produce monthly compliance deliverables and vulnerability summaries

Requirements:
- 3–5 years of experience in vulnerability management, continuous monitoring, or security operations
- Hands-on experience scanning OS, networks, databases, containers, and web apps
- Experience with at least two cloud platforms (AWS, Azure, GCP)
- Familiarity with FedRAMP, HITRUST, or PCI frameworks
- Administrator-level cloud certification (AWS/Azure/GCP)
- Strong understanding of CVSS/CMSS scoring and NIST 800‑53 (RA‑5, SI‑2, CM‑6)
- Experience with STIGs, SCAP/SCC, and CIS Benchmarks
- Scripting skills (Python, PowerShell, Bash)
- Strong communication and documentation skills
- Cloud security certifications (AWS/Azure/GCP)
- Security+ or CISSP
- Experience with container security tools (Trivy, Anchore, Snyk) and Kubernetes
- Familiarity with SCA and SAST/DAST tools
- Experience integrating security controls into CI/CD workflows