Aalyria

Connectivity Everywhere

Security and Compliance Lead

Security Engineer | Full Time | Remote | Senior | Team 51-200 | H1B No Sponsor

Location

United States

Posted

74 days ago

Salary

$180K - $215K / year

Seniority

Senior

Job Description

  • Own CMMC L2 certification and FedRAMP High authorization efforts end-to-end, including gap analysis, remediation tracking, evidence collection, and assessment coordination.
  • Maintain compliance with DFARS cybersecurity clauses (7012, 7019, 7020), ITAR, EAR and other federal requirements; manage SPRS score and supplier requirements.
  • Develop and maintain System Security Plans, POA&Ms, policies, procedures, and supporting artifacts across all compliance frameworks.
  • Serve as primary point of contact for C3PAO/3PAO assessors, government customers, prime contractors, and agency authorizing officials.
  • Manage continuous monitoring activities including vulnerability scanning, access reviews, evidence collection, and monthly/annual reporting.
  • Monitor regulatory changes across CMMC, FedRAMP, NIST 800-171/800-53, DFARS, and ITAR; assess impact and drive necessary updates.
  • Implement security controls hands-on, including identity and access management, logging, encryption, and endpoint security.
  • Harden cloud infrastructure in GCP and AWS, implementing security configurations and access controls aligned with compliance requirements.
  • Build automation and tooling for evidence collection and compliance reporting; integrate security into CI/CD pipelines.
  • Define, document, and enforce CUI boundaries and enclave architecture.
  • Translate compliance requirements into actionable technical guidance for engineering teams.
  • Support customer security assessments, due diligence requests, and contract security requirements.

Job Requirements

  • 7+ years of experience in security roles with demonstrated compliance and technical responsibilities.
  • Deep knowledge of federal compliance frameworks: NIST 800-171, NIST 800-53 Rev 5, CMMC 2.0, FedRAMP, and ITAR compliance and cybersecurity requirements.
  • Experience preparing for and supporting third-party assessments (C3PAO, 3PAO, FedRAMP JAB/Agency, or equivalent).
  • Hands-on technical skills: ability to write scripts, Terraform, and troubleshoot access issues.
  • Experience securing cloud environments (GCP preferred; AWS GovCloud).
  • Experience with enterprise IAM platforms (Okta, Azure AD, or similar).
  • Excellent documentation skills with ability to write policies that satisfy auditors and implementation guides that engineers can use.
  • Strong communication skills with comfort presenting to auditors, executives, government customers, and authorizing officials.
  • Combined experience in both compliance/GRC and hands-on technical security implementation.
  • Ability to interpret NIST 800-53 controls and implement them in cloud environments.
  • Working knowledge of CMMC, FedRAMP, and DFARS frameworks, including overlapping control requirements.
  • Demonstrated ability to operate effectively in fast-paced environments with competing priorities.
  • Experience building or significantly maturing a compliance program.
  • U.S. Citizenship required.

Benefits

  • Innovative Environment: Work at a cutting-edge company shaping the future of aerospace communications.
  • Impactful Work: Directly contribute to critical national security programs and initiatives.
  • Growth Opportunities: Expand your career with opportunities for professional development and advancement.
  • Inclusive Culture: Be part of a collaborative, supportive, and inclusive workplace where your contributions matter.
  • Flexibility: Flexible working arrangements including hybrid remote/in-office schedules.
  • Competitive salary, comprehensive benefits (401(k), dental, vision, health, life insurance), paid time off, and equity options.

More Security Engineer Jobs

Physical Security Designer, Estimator

Wachter, Inc.

Wachter enables business transformation by solving complex challenges to keep your organization successful.

Full Time | Remote | Team 1,001-5,000 | Since 1930 | H1B No Sponsor

  • Assist the Systems Engineering and Sales Departments in developing technical Solutions that meet customer requirements.
  • Maintain current knowledge of the equipment and technologies he/she supports by attending training provided by the manufacturer.
  • The ability to read and understand RFPs, technical drawings, and technical requirements for IT-focused projects.
  • A good methodical approach to tasks, ability, and interests to learn new technologies.
  • Will be required to continue to learn new physical security solutions (Video surveillance and access control) and as a plus an understanding of electrical limitations with respect to physical security.
  • Self-motivated, able to meet deadlines and maintain quality of work under pressure.

New Jersey
$70K - $90K / year
Job Closed

Senior Security Engineer – Automations, Appsec Product Security

Xepelin

Financial solutions platform for every business.

Full Time | Remote | Team 501-1,000 | Since 2019 | H1B No Sponsor

  • Design, develop and maintain internal security tools/services focused on automating processes such as vulnerability management, identity management, automatic attack surface detection, security assessments, risk management, etc.
  • Build efficient, secure and scalable APIs and microservices (mainly backend) using Python (FastAPI or Flask), deployed in cloud and K8s environments. Knowledge of Go is a plus.
  • Co-build, with the various Cybersecurity and Platform sub-teams, CI/CD pipeline steps focused 100% on security controls.
  • Vulnerability Management and Response
  • Internal Pentesting: Perform in-depth penetration tests on web applications, mobile applications and APIs.
  • Triage and Prioritization: Decide what gets fixed first based on real business risk, not just the CVSS score.
  • Bug Bounty: Manage the relationship with external researchers and validate incoming reports.
  • Participate in the design and continuous improvement of tools such as SAST and automated pentesting.
  • Bring a rigorous developer's perspective to the team's secure coding standards and technical quality. Code review experience is a plus.

Argentina
Job Closed

Security Engineer – Product & Production Infrastructure

Wiz

Secure everything you build and run in the cloud

Full Time | Remote | Team 201-500 | H1B Sponsor

  • Lead threat modeling and security review exercises across Wiz’s production and CI/CD environments – identifying and mitigating risks in our products and the cloud services that support them.
  • Drive vulnerability management and remediation efforts – prioritizing issues, implementing mitigations, and designing strategic preventative controls.
  • Extend our detection and response capabilities – building scalable solutions to identify malicious activity, triage alerts, and investigate and remediate incidents.
  • Build deep functional partnerships with Wiz’s engineering and operations teams – helping them deliver secure-by-design solutions.

Ireland
Full Time | Remote | Team 51-200

At IRIUM we care that you never stop pursuing your dreams. Get ready to conquer your goals, and always remember to enjoy the journey. We are looking for a Functional Systems Architect with banking-sector experience to collaborate on a full-remote project.

What are we looking for?

  • About 5 years of experience in the banking sector, with knowledge of processes, services and applications.
  • About 3 years of experience in infrastructure deployment projects.
  • Experience with distributed systems, load-balanced services, firewalls, networking.
  • Knowledge of infrastructure and data centers.
  • Experience with Linux and Windows operating systems.
  • Experience with database management systems (Oracle, SQL Server).
  • Experience with application servers (WebLogic).
  • Experience with SAN and NAS storage.

What do we offer?

  • Permanent contract directly with us.
  • Salary band according to experience and fit with the company and project.
  • Full-remote work, within Spanish territory.
  • Good working environment.
  • Unlimited, open-access training in cutting-edge technology.
  • Employee benefits club with direct discounts and thousands of offers on brands, hotels, travel agencies, cinemas, clothing...

You will become part of a great team of people who will always be willing to help you. IRIUM is a company made up of curious, dynamic and decisive professionals. Our values are responsibility and commitment to work well done; this is the spirit we look for at IRIUM, whatever your age. If you recognize yourself, this is your company!

Spain