Security Engineer II

Reed Technology
Raleigh, NC
Hybrid


Requirements

  • 2–4 years of experience in cybersecurity, vulnerability management, or compliance operations
  • Exposure to FedRAMP, NIST 800-53, or similar security frameworks
  • Hands-on experience working with vulnerability scanning tools (e.g., Nessus, Qualys)
  • Experience tracking vulnerabilities or security findings in a ticketing or tracking system (e.g., ServiceNow, Jira)
  • Strong organizational skills with the ability to manage and track large volumes of findings accurately
  • High attention to detail and commitment to maintaining data accuracy and consistency
  • Ability to identify and investigate discrepancies across multiple data sources
  • Understanding of the importance of continuous monitoring, system visibility, and audit readiness in regulated environments
  • Strong written and verbal communication skills, with the ability to clearly convey status and risk
  • Ability to work independently while collaborating closely with a senior lead and cross-functional teams
  • BS Engineering/Computer Science or equivalent experience required
  • U.S. Citizenship required
  • Must meet IAL2 (Identity Assurance Level 2) requirements

Nice To Haves

  • Experience with FedRAMP Continuous Monitoring processes or reporting
  • Familiarity with POA&M management and audit support activities
  • Exposure to logging, monitoring, or SIEM platforms
  • Experience improving workflows through automation or scripting (e.g., PowerShell, Python, Power Automate)

Responsibilities

  • Execute monthly FedRAMP Continuous Monitoring activities, ensuring timely and accurate completion of deliverables
  • Maintain and update Plans of Action and Milestones (POA&Ms), including tracking remediation progress and validating closure
  • Review and analyze vulnerability scan results (e.g., Nessus) and assist with prioritization and escalation
  • Maintain an accurate, up-to-date view of vulnerability status across the environment
  • Track vulnerabilities through the full lifecycle: identification, validation, remediation, and closure
  • Monitor and report on aging vulnerabilities and SLA adherence
  • Ensure consistency between scan results, ticketing systems (e.g., ServiceNow), and POA&M records
  • Maintain continuous operational visibility into the security posture of FedRAMP systems, including vulnerabilities, assets, and control status
  • Validate that security-relevant data (scan results, logs, asset inventory, and tracking systems) is complete, accurate, and aligned across sources
  • Identify gaps in visibility (e.g., missing assets, incomplete scan coverage, inconsistent data) and escalate appropriately
  • Support continuous monitoring activities aligned with FedRAMP and NIST 800-137 (ISCM) expectations
  • Assist in ensuring that logging, monitoring, and security tooling provide sufficient coverage to support ongoing risk awareness and audit readiness
  • Prepare and maintain audit-ready documentation and ConMon artifacts, including monthly summaries
  • Partner with engineering, cloud, and security teams to support timely remediation efforts
  • Assist with annual assessments and audit preparation, including coordination with internal and external auditors
  • Identify recurring issues or trends and escalate to the senior lead for resolution

Benefits

  • Annual incentive bonus
  • Country-specific benefits