The State of Colorado is seeking a Senior Security Engineer (Risk) to join the Office of Information Security. This role involves serving as a technical leader in identifying, quantifying, and mitigating technical risks while advancing the state's Risk Management capabilities through comprehensive assessments and strategic direction.
Responsibilities:
- Act as a key security advisor and collaborator for teams across the organization. You will partner with Service Delivery teams to provide technical guidance on risk mitigation. You will serve as an escalation point for cross-team alignment on enterprise remediation strategies.
- Execute deep-dive technical risk assessments for high-profile state systems. You will evaluate control implementations across a variety of environments, including on-premises, cloud, and hybrid, identifying critical gaps and developing technical remediation plans.
- Serve as a key member in designing and maturing a Third-Party Risk Management (TPRM) program capable of handling an enterprise volume of vendors. You will establish and support a scalable solution with automated workflows and collaborate cross-functionally to scale the program’s reach.
- Support the execution and refinement of the risk management strategic roadmap. You will be responsible for driving milestones related to risk assessments, vendor risk management, continuous monitoring, TPRM program governance, and expanding risk services to state agencies and local government partners.
- Support the transition from manual workflows to automated processes and platforms. You will provide the technical expertise needed to ensure the platform delivers real-time, asset-level risk visibility for leadership.
- Partner with internal OIT teams to build TPRM dashboards that improve visibility for program governance and enterprise risk. You will contribute actionable insights that help leadership prioritize resources based on data-driven risk findings.
Requirements:
- At least five (5) years of professional experience in security engineering, technical risk management, or high-level systems administration with a focus on security
- Demonstrated experience in a technical and people leadership capacity, such as serving as a team lead, managing project workstreams, or providing high-level technical guidance to other technical staff, with the skillset to build relationships across service delivery organizations
- Proven experience in the full risk lifecycle, including performing risk assessments, identifying threats, and developing successful remediation strategies
- Proven expertise applying security and compliance frameworks (NIST 800-53, NIST RMF 800-37/39/30, NIST CSF, CJIS, IRS Pub 1075) to conduct risk assessments, evaluate control effectiveness, and deliver engineering-level guidance for enterprise risk mitigation
- Experience validating security controls in a variety of environments, including on-premises infrastructure and modern cloud architectures
- Hands-on experience implementing or operationalizing a GRC/IRM platform to automate risk workflows, track control status, and support audit readiness
- Previous experience working within or building a high-volume Third-Party Risk Management program
- Ability to translate risk metrics into clear visualizations and executive-level reporting using SIEM or data analytics platforms
- Ability to 'hit the ground running' to meet aggressive roadmap goals while maintaining a focus on team-wide technical excellence