Senior Security Engineer – Detection and Response
Location: United States
Posted: 23 days ago
Salary: $235K - $255K / year
Seniority: Senior
Job Description
WeightWatchers
- Build and mature a detection and response program.
- Detect and respond to security incidents and participate in an incident on-call rotation.
- Develop innovative ways to detect security incidents.
- Design and build the security for the future of our infrastructure.
- Partner with the infrastructure team, engineering team, compliance team and within security teams to maintain and further improve our cloud security posture.
- Create solutions and processes to identify, resolve and mitigate security vulnerabilities and risks.
- Research threats and attack vectors that impact WW applications and infrastructure.
- Devise and bolster defense-in-depth through secure-by-default frameworks, architectures and processes.
- Mentor and share security standards and processes with all parts of the organization.
Job Requirements
- Expertise responding to complex incidents across endpoint, network, and cloud.
- Capable of understanding an unfamiliar system well enough to successfully respond to an incident involving the system.
- Expertise in detection engineering.
- Experience with SIEM, EDR, and CSPM tools.
- Deep understanding of the threat landscape.
- Experience with assessing risks.
- Experience in cloud security, especially AWS: IAM, secure configuration of services, and AWS-native security services such as AWS CloudTrail, SCPs, AWS Org, Config, etc.
- Ability to understand the whole solution, not just the technology.
- Focus on the end-to-end lifecycle of solving a problem and solutioning for it, not just implementing a security technology. Have a well-rounded view of problem solving.
- Deep care for the patient and your fellow employees' experience as you surpass security challenges.
- Hunger to drive decision making, collaboration and to have deeper opinions on security design.
- You can review different design choices and can understand/discuss pros and cons for each.
- Ability to code to automate tedious tasks.
- Experience with Infrastructure as Code. We use Terraform!
- Strong collaboration skills with the wider security team and engineering at WW.
Benefits
- Comprehensive benefits package
- Annual bonus program
More Security Engineer Jobs
- As a Security Engineer at Offchain Labs, you will play a key role in defining and improving our cloud security posture and collaborate across teams to ensure that our operations are secure, compliant, and aligned with regulatory and industry best practices, such as SOC2.
- Leverage your extensive experience in Cloud Security to design, implement, and improve secure cloud-native architectures and CI/CD pipelines.
- Apply deep expertise in cloud infrastructure security to proactively identify risks, enforce best practices, and harden systems across the entire technology stack.
- Automate security controls and educate developers for future-proofing against vulnerabilities.
- Play an active part in designing and evolving the company’s overall information security governance and compliance program through policies, standards, procedures, and awareness.
- Work closely with engineering, infrastructure, and product teams to make sure controls fit both business objectives and technical realities.

- Assess the current cloud and infrastructure security posture across AWS environments, Kubernetes platforms, and supporting services
- Identify critical gaps and define a prioritized roadmap for improving security maturity across identity, runtime, network, and platform layers
- Define and implement enterprise security controls across IAM governance, workload/runtime posture, and DNS security
- Embed security guardrails, standards, and policies into the Platform Engineering and Cloud Center of Excellence (CoE) frameworks from the beginning of the transformation
- Partner with platform teams to design secure-by-default self-service infrastructure patterns, templates, and workflows
- Establish identity and access governance models including account strategy, role design, least-privilege policies, and federated access
- Design and implement security standards for Kubernetes and containerized workloads, including supply chain security, workload isolation, and runtime protection
- Define DNS and network security practices, including private networking, segmentation, service discovery, and threat protection
- Collaborate with DevSecOps teams to integrate automated security testing, policy enforcement, and compliance checks into CI/CD pipelines
- Support the creation of security observability, monitoring, incident response, and threat detection capabilities across the platform
- Provide security leadership and mentoring to engineering teams to promote security ownership and best practices
- Support organizational change management and stakeholder alignment to ensure security adoption across teams
- Continuously evolve the security framework as the platform and operating model mature

Role Description
We’re hiring Senior NIST 800-53A Security Control Assessors for multiple federal assessment projects kicking off between.

⚠️ This is NOT a general GRC or compliance role. We are specifically looking for professionals who have hands-on experience executing full NIST 800-53A assessments, not just mapping controls or supporting audits.

What you’ll actually be doing:
- Developing Security Assessment Plans (SAP) with defined testing procedures (Inspect / Interview / Test)
- Conducting control assessments across all control families (technical + administrative)
- Interviewing control owners and validating implementation statements in SSPs
- Performing evidence-based testing (logs, configurations, artifacts)
- Writing Security Assessment Reports (SAR) with formal findings and risk ratings
- Building POA&M entries tied to identified control deficiencies

🚫 Not a fit if your experience is limited to SOC 2, ISO 27001, or third-party risk management without hands-on 800-53A assessment execution.

Qualifications
- 5+ years of direct experience performing NIST 800-53A assessments
- Proven ownership of SAP and SAR deliverables
- Strong experience designing and executing control testing procedures
- Background in RMF, FedRAMP, FISMA, or CMS ARS frameworks
- Ability to independently validate controls beyond documentation review

Requirements
- Experience with CMS ARS / ARC-AMPE baseline (Nice to have)
- Strong Excel-based evidence mapping and tracking (Nice to have)

Benefits
As a lean, growing firm, we prioritize results over red tape, offering you a direct seat at the table and a clear path for career progression as we scale. You won’t be just a number here; you’ll have the autonomy to make a visible impact on the business from day one.


