The State of Colorado is seeking a Senior Security Engineer (Risk) to join the Office of Information Security (OIS). This role involves leading technical risk assessments, providing strategic direction for risk management, and collaborating across teams to enhance the state's security posture.
Responsibilities:
- Act as a key security advisor and collaborator for teams across the organization
- Partner with technical teams to provide technical guidance on risk mitigation
- Serve as a technical point of escalation during the daily standups to ensure cross-team alignment on remediation strategies
- Execute deep-dive technical risk assessments for high-profile state systems
- Evaluate control implementations across a variety of technical environments, including on-premise, cloud, and hybrid, identifying critical gaps and architecting technical remediation plans
- Serve as a key member in designing a TPRM program capable of handling an enterprise volume of vendors
- Define technical standards for reviewing technical support documentation and help establish the automated intake workflows necessary to scale these assessments
- Support the execution and refinement of the risk management strategic roadmap
- Drive milestones related to risk intake maturity and expanding risk services to state agencies and local government partners
- Support the transition from legacy workflows to automated processes within the ServiceNow IRM module
- Provide the technical expertise needed to ensure the platform delivers real-time, asset-level risk visibility for leadership
- Partner with data and engineering teams to help build 'Top 10' Enterprise Risk Dashboards in Splunk
- Contribute 'Actionable Insight Statements' that help leadership prioritize resources based on data-driven risk findings
Requirements:
- At least five (5) years of professional experience in security engineering, technical risk management, or high-level systems administration with a focus on security
- Demonstrated experience in a technical leadership capacity, such as serving as a team lead, managing project workstreams, or providing high-level technical guidance to other technical staff
- Proven experience in the full risk lifecycle, including performing risk assessments, identifying threats, and developing successful remediation strategies
- Demonstrated experience utilizing industry security frameworks (such as NIST 800-53, CJIS, IRS Pub 1075, or SOC 2) as the technical baseline to perform risk assessments, evaluate control effectiveness, and provide engineering-level guidance on mitigating identified enterprise risks
- Experience validating security controls in a variety of environments, including on-premise infrastructure and modern cloud architectures
- Experience implementing, configuring, or operationalizing the ServiceNow IRM/GRC module to automate risk workflows is highly helpful
- Previous experience working within or building a high-volume Third-Party Risk Management program
- Experience using Splunk or similar tools to visualize and report on risk metrics for executive audiences
- Ability to 'hit the ground running' to meet aggressive roadmap goals while maintaining a focus on team-wide technical excellence