Security Engineer

Skyward IT Solutions, LLC | Rockville, MD
$120,000 - $160,000 | Remote

About The Position

We are Skyward, a people-centered business focused on human advancement through information technology. We are seeking a Security Engineer who is passionate about identifying vulnerabilities and protecting systems. This role involves hands-on work with security tools, automating scans, hardening pipelines, and prioritizing security findings. You will join a team supporting the Centers for Medicare & Medicaid Services (CMS) in modernizing their enterprise knowledge and data systems into a single, AI-driven platform. This is an opportunity to contribute to exciting government work with cutting-edge technology and innovative solutions.

Requirements

  • A bachelor’s degree in computer science, information systems, cybersecurity, or a related field.
  • 3–5 years of experience in security engineering, cybersecurity, or a related role.
  • Hands-on experience with vulnerability scanning and management tools (e.g., Tenable, AWS Inspector, Snyk, Trufflehog, or GitLeaks).
  • Working knowledge of AWS security and compliance services (Security Hub, Config, Audit Manager) or comparable cloud-native tooling.
  • Familiarity with security compliance and the Authority to Operate (ATO) process, including POA&Ms and continuous monitoring.
  • Understanding of federal security frameworks such as NIST RMF, ARS, or IS2P2 (or a strong willingness to learn them quickly).
  • Comfort scripting and automating in Python or Bash and integrating tooling into CI/CD pipelines.
  • Solid problem-solving skills and the ability to collaborate across multiple stakeholders.
  • Ability to obtain and maintain a Public Trust security clearance.

Nice To Haves

  • Previous experience supporting CMS.
  • Experience securing AI, NLP, or LLM-driven systems and the data behind them.

Responsibilities

  • Find and prioritize vulnerabilities by running vulnerability and security scans and building a clear, prioritized list of weaknesses based on severity, known exploitation, and exploitation probability, using intelligence sources like the CISA KEV catalog and EPSS.
  • Automate security into the pipeline by embedding security tooling such as Snyk, Trufflehog/GitLeaks, Tenable, and AWS Inspector into CI/CD so vulnerabilities are caught and reported before they ship.
  • Modernize compliance by driving the move toward Continuous ATO (cATO) and near-real-time compliance monitoring using AWS Security Hub, Config, and Audit Manager, plus the CMS GRC system of record (CFACTS).
  • Build and feed continuous monitoring by implementing monitoring of production runtime environments for vulnerabilities and compliance drift, and making security and compliance reporting available on demand.
  • Track and close gaps by documenting vulnerabilities, misconfigurations, and compliance deviations, and supporting POA&M creation and remediation tracking to keep system ATOs healthy.
  • Keep systems aligned to standards by supporting compliance with CMS and federal requirements such as NIST RMF, ARS, and IS2P2 within a FISMA Moderate boundary.
  • Harden access by helping implement least-privilege, role-based access controls aligned to Zero Trust objectives and supporting regular access reviews and audits.
  • Raise the flag early by identifying, documenting, and communicating security risks tied to modernization efforts so they get to the right stakeholders before they become problems.

Benefits

  • Medical, dental, vision insurance (fully paid for employees)
  • 15 days of paid leave
  • 7 days of sick leave
  • 2 days bereavement leave
  • 11 paid Federal holidays
  • Up to 40 hours for jury duty
  • 401K with 4% employer contribution (and no vesting period)
  • Up to 4 weeks of paid paternity and maternity leave
  • Company provided laptop
  • $5,000 per year for professional development
  • $600 per year for technical supplies and equipment
  • $2,000 referral bonus
  • Life and disability insurance
  • HSA and FSA
  • Legal Shield and ID Shield Voluntary Benefits
  • Opportunity to work in a collaborative, motivated team focused on modernizing government services with cutting-edge technology and innovative solutions.