Senior Compliance Operations Engineer

Wiz, Inc.

About The Position

Come join the company that is reinventing cloud security and empowering businesses to thrive in the cloud. As the fastest-growing startup ever, Wiz is on a mission to help organizations secure cloud environments that will accelerate their businesses. Trusted by security teams all over the world, we have a proven track record of success and a culture that values world-class talent. Our Wizards from over 20 countries work together to protect the infrastructure of our hundreds of customers, including over 50% of the Fortune 100, who trust us to scan and secure over 230 billion files daily. We’re the leading player in a massive and growing market, but it’s still early enough for you to make a significant impact. At Wiz, you’ll have the freedom to think creatively, dream big, and use your full range of skills to contribute to our record growth. Come join our team and help us create secure cloud environments that allow the best companies to move faster. SUMMARY The Corporate & Public Sector Strategy Team aims to accelerate Wiz’s growth by developing a comprehensive strategy, in tight partnership with all other organizations, to drive customer value and adoption. As we continue to grow at an incredible speed, we work to ensure each sales team member is set up for success at every phase. We take both a bird’s eye view and dive into the weeds to solve problems as a team to drive employee success and revenue. We are seeking an experienced Senior Compliance Operations Engineer that will contribute to the operationalization, sustainment, and continuous improvement of our FedRAMP High and DoD IL5 compliant cloud environments. This senior individual contributor role bridges compliance requirements with real-world engineering practices, ensuring our cloud services meet stringent federal and defense standards while maintaining high availability, security, and audit-readiness. You will serve as a key technical SME on NIST SP 800-53 controls (tailored for FedRAMP High and DoD SRG IL5 overlays), translate regulatory mandates into automated controls and monitoring, lead continuous monitoring activities, oversee remediation efforts, and play a major role in assessments/audits. This position requires deep hands-on experience implementing and operating compliance in FedRAMP High + DoD IL5 cloud systems (AWS GovCloud, Azure Government, or equivalent). You will be asked to quickly learn the challenges of the business and find ways to simplify processes within our compliance operations to increase productivity and efficiency. More importantly, the role requires a personality that promotes collaboration and unity.

Requirements

7+ years of hands-on experience in cloud security engineering, compliance operations, or GRC roles, with at least 4+ years directly supporting FedRAMP Moderate/High and DoD IL4/IL5 authorizations.
In-depth expertise in NIST SP 800-53 Rev. 5, FedRAMP baselines (especially High), DoD Cloud SRG, and associated control overlays for IL5.
Proven track record implementing and operating continuous monitoring in production FedRAMP and DoD IL4/IL5 environments, including vulnerability management, configuration compliance, and audit evidence generation.
Experience with DoD-specific tools/processes (e.g., eMASS, ACAS, HBSS, STIGs).
Experience with DoD BCAP architecture and configuration.
Strong experience with cloud platforms in government spaces (AWS GovCloud, Azure Government, Google Cloud for Government, or equivalent) and associated security services.
Proficiency in automation/scripting (Python, Bash, PowerShell) and Infrastructure as Code (Terraform, Ansible, Puppet/Chef preferred).
Familiarity with tools for compliance automation and scanning (e.g., Chef InSpec, OpenSCAP, Qualys, Tenable, AWS-native tools, Azure Security Center).
U.S. Citizenship required (due to handling of CUI and potential access to controlled environments).
Ability to obtain and maintain a U.S. Secret or higher security clearance (active clearance strongly preferred).
Active security certifications such as CISSP, CCSP, CISM, AWS/GCP/Azure Security Specialty, or DoD 8570/8140 IAT Level III / IAM Level III.
Knowledge of additional frameworks that overlap with FedRAMP/DoD (e.g., CMMC, NIST 800-171/172, FISMA).
Candidates must meet EAR part 772 and ITAR 120.15 definition of a U.S. person (Any individual who is granted U.S. citizenship; or any individual who is granted U.S. permanent residence (green card holder); or any individual who is granted status as a “protected person”) and that they reside in the contiguous United States.

Responsibilities

Document security controls and architectures that satisfy FedRAMP High baseline requirements and DoD Cloud Computing Security Requirements Guide (SRG) overlays for Impact Level 5 (including handling of high-sensitivity CUI and unclassified National Security Systems).
Oversee continuous monitoring (ConMon) programs including vulnerability scanning, configuration monitoring, log aggregation/analysis, boundary protection validation, and monthly/ongoing reporting to meet FedRAMP and DoD expectations.
Translate NIST 800-53 Rev. 5 controls and DoD-specific enhancements into operational requirements; partner with engineering, DevOps, and product teams to embed compliance into their processes.
Lead preparation, evidence collection, and remediation for FedRAMP reassessments, 3PAO audits, DoD Provisional Authorizations, Significant Change Requests (SCRs), and contribute to Plan of Action & Milestones (POA&M) management.
Automate compliance validation for control implementation verification and drift detection.
Conduct technical risk assessments, root-cause analysis on compliance findings, and provide guidance for implementation of compensating controls or hardening measures in cloud environments.
Support incident response and boundary protection activities in IL5 environments, ensuring alignment with DoD policies for mission-critical workloads.
Maintain and update compliance documentation including System Security Plans (SSP), control implementation descriptions, architectural diagrams, and boundary definitions.
Collaborate cross-functionally with legal, product, engineering, and federal customer teams to scope new features/services while preserving authorization boundaries.
Mentor others on FedRAMP/DoD compliance best practices and contribute to internal training programs.
Align and coordinate complex, cross-functional federal programs/projects which include FedRAMP and/or DoD authorizations and/or the operational process requirements needed to meet ongoing operational requirements.

Benefits

Medical, dental and vision insurance
Home Office Setup reimbursement
Flexible Spending Accounts
Monthly Connectivity reimbursement
Employee Assistance Program (EAP)
Short- and Long-term Disability Insurance
Life & Accident Insurance
401(k) Retirement Savings Plan (with employer match)
Flexible paid time off + 11 paid holidays
Paid leave programs, including parental, pregnancy health, medical and bereavement leave