Abnormal AIRemote
Senior Security Engineer
United States
Full Time
1 hour ago
$170,000 - $200,000 USD
H1B Sponsor Likely
Key skills
Security engineeringAWS/SaaS securityCI/CD pipelinesInfrastructure automationNIST 800-53 controlsPatch managementIdentityaccess managementSIEM managementIncident managementCollaboration skillsAIAWSTerraformIAMSaaSCI/CDProject ManagementCollaboration
About this role
Abnormal AI is seeking a Senior Security Engineer to ensure the security and efficiency of their FedRAMP environment. This role focuses on security operations engineering and involves maintaining CI/CD pipelines, managing access, and responding to incidents while collaborating with various teams to embed secure practices.
Responsibilities:
- Maintain and improve CI/CD pipelines to support secure deployments and infrastructure workflows
- Manage infrastructure-as-code (IaC) PR and Change Control Board reviews, ensuring changes are tested, approved, and secure before release
- Perform security impact analyses (SIAs) for system/application changes and provide recommendations
- Run OS and infrastructure patch cycles; manage hardened images and patch workflows for FedRAMP environments
- Govern access management, including account provisioning, RBAC module maintenance, and periodic reviews
- Manage logging and monitoring pipelines; tune SIEM ingestion and alerting for coverage and accuracy
- Triage and respond to security incidents, from alert investigation through containment, recovery, and after-action reporting
- Maintain and refine runbooks, SOPs, and documentation to ensure consistent operations and audit readiness
- Collaborate with DevInfra, FedOps, Product, and Compliance teams to embed secure practices into operations and development
Requirements:
- 5+ years in security engineering or infrastructure operations within federal or regulated cloud environments
- Strong familiarity with NIST 800-53 controls and continuous monitoring practices
- Proven delivery of AWS/SaaS security best practices
- Hands-on expertise with CI/CD, infrastructure automation, and IaC security practices
- Experience in patch management, hardened baselines, and secure image pipelines
- Strong knowledge of identity and access management (IAM) design and enforcement in large-scale environments
- Proven ability to manage SIEM pipelines and lead Tier 1/ Tier 2 incident response
- Strong technical documentation, collaboration, and incident/project management skills
- Experience integrating security automation into CI/CD pipelines and SecOps workflows
- Prior experience supporting federal audits or 3PAO engagements
- Knowledge of SaaS security operations and monitoring at scale
- Experience driving automation in security operations, compliance tracking, and evidence management
- Knowledge of SaaS security operations and modern cloud environments; exposure to DevSecOps pipelines or security reviews for Terraform/containers