Senior Security Engineer

About The Position

Requirements

• 5+ years of experience in security engineering, compliance, or information assurance roles
• Deep expertise in NIST 800-171 and NIST 800-53 security frameworks
• Proven experience developing and maintaining SSPs, POA&Ms, and audit-ready compliance documentation
• Hands-on experience supporting ATO/ATT processes in Federal or defense environments
• Strong experience with AWS cloud security, including IAM, VPC architecture, encryption, and logging
• Experience implementing security controls in containerized environments (Docker, Kubernetes, ECS)
• Solid understanding of identity and access management, secrets management, and network security principles
• Excellent written communication skills with the ability to produce clear, thorough, and audit-ready documentation
• Strong organizational skills and the ability to manage multiple concurrent compliance initiatives

Nice To Haves

• Experience supporting SOC 2 Type 2 audits and compliance readiness efforts
• Familiarity with FedRAMP authorization processes or IL4/IL5 environments
• Experience with AWS GovCloud and Federal-specific infrastructure requirements
• Relevant certifications such as CISSP, CISM, CompTIA Security+, or CAP
• Experience with compliance automation tools such as Vanta, Drata, or similar platforms
• Experience building secure multi-tenant SaaS architectures
• Familiarity with monitoring and observability tools (Prometheus, Datadog, CloudWatch) from a security perspective

Responsibilities

• Lead the development, documentation, and implementation of security controls aligned with NIST 800-171 and NIST 800-53 frameworks
• Own and maintain compliance artifacts including System Security Plans (SSP), Plans of Action and Milestones (POA&M), and supporting documentation
• Drive Assessment and Authorization (ATO) efforts, including preparation of authorization packages and coordination with assessors
• Collaborate with engineering and DevOps teams to integrate security controls into cloud infrastructure, CI/CD pipelines, and application architectures
• Conduct risk assessments, maintain risk registers, and lead remediation efforts for identified security gaps
• Develop and enforce security policies, procedures, and standards aligned with Federal and customer requirements
• Evaluate and document security controls across AWS environments, containerized systems, and operational processes
• Support SOC 2 Type 2 readiness, including audit preparation, evidence collection, and control validation
• Monitor changes in regulatory requirements and proactively update security controls and documentation
• Contribute to incident response planning, documentation, and post-incident analysis

Benefits

• Competitive salary and benefits, including full health coverage, unlimited PTO, and flexible work hours.
• A supportive and innovative team environment that values collaboration and creativity.
• The chance to deliver high-impact solutions, contributing to the success of a small, fast-moving team where your work will make a tangible difference