Security Engineer

About The Position

Requirements

• 12 years of experience with Governance, Risk, and Compliance (GRC), Enterprise Security and Security Architecture, Vulnerability Management and Penetration Testing , Cloud Security and hybrid environments.
• 10 years of proven experience owning SSP development end to end.
• 10 years of experience Hands on experience with CMS MARS E v2.2 or comparable federal/state security frameworks.
• 10 years of strong expertise in: Control implementation documentation, Audit evidence collection and validation, POA&M creation, tracking, and remediation management.
• 8 years of experience with the ability to translate technical security issues into compliance aligned remediation actions.
• 8 years of experience as a strong stakeholder with management skills across security, infrastructure, and application teams.
• 8 years of excellent written and verbal communication skills.
• 8 years of knowledge of NIST 800 53, NIST RMF, and privacy controls.
• 8 years of knowledge of Secure SDLC and DevSecOps practices.
• Must be able to pass a background check. May require additional background checks as required by projects and/or clients at any time during employment.
• Exceptional interpersonal skills with the ability to communicate in a clear, professional, and articulate manner.
• Exceptional verbal and written communication skills.
• Possesses effective presentation skills
• Excellent organizational, analytical, and problem-solving skills with high-level attention to detail.
• Proven ability to multitask and prioritize in a fast past environment with changing priorities; adaptable to change and a quick learner.
• Must be self-motivated and able to work well independently as well as on a multi-functional team.
• Ability to handle sensitive and confidential information appropriately
• Proficient in MS Office, Word, Outlook, PowerPoint, and Excel.

Nice To Haves

• 5 years of experience operating multi-vendor, multi-platform environments.
• 5 years of demonstrated ability to reduce repeat audit findings and improve compliance maturity.
• 5 years of experience mentoring or guiding teams on security governance best practices.
• 1 year of experience supporting HHSC systems, including SSP development and compliance.

Responsibilities

• Lead end to end System Security & Privacy Plan (SSP/SSPP) development, maintenance, and updates for enterprise systems.
• Drive remediation activities through POA&M management, ensuring timely closure of compliance gaps.
• Translate penetration testing and vulnerability findings into actionable remediation work items (EPICs/user stories).
• Coordinate with application, infrastructure, and security teams to validate remediation through re-testing and evidence.
• Oversee risk-based vulnerability management, including prioritization and SLA-driven remediation
• Provide governance oversight for endpoint protection, web application security, and cloud security controls.
• Produce assessor ready documentation, including configurations, monitoring evidence, approvals, and incident traceability.
• Support continuous audit readiness and reduce repeat findings through disciplined governance and documentation practices.
• Other duties as assigned.

Benefits

• Medical, Dental and Vision Insurance; Wellness Program
• Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
• Short-Term and Long-Term Disability options
• Basic Life and AD&D Insurance (Company Provided)
• Voluntary Life and AD&D options
• 401(k) Retirement Savings Plan with matching after one year
• Paid Time Off