Security Engineer Remote Jobs in Washington (US)
This page tracks remote security engineer openings that are location-eligible for Washington.
This page tracks remote security engineer openings that are location-eligible for Washington.
Open jobs
3,901
Hiring companies this week
10
Salary sample
$79,608 - $201,300
Jobs added last hour
0
3901 Jobs
1978 Companies
Enabling the Frontline of Cybersecurity
• Develop, execute, and evaluate cybersecurity exercises • Manage cyber threats by monitoring and responding to security incidents • Design and implement security controls for organization’s infrastructure • Analyze malware to understand behavior and defend against it • Simulate cyberattacks to identify vulnerabilities in systems
• Own Filevine’s FedRAMP 20x Moderate strategy, delivery plan, certification readiness, and ongoing compliance posture. • Lead the design and execution of FedRAMP evidence automation, continuous monitoring, and reporting required for Marketplace certification and sustained authorization. • Serve as the single-threaded owner for FedRAMP engagements with 3PAOs, the FedRAMP PMO, agency stakeholders, and internal executive sponsors. • Set the roadmap and priorities for dedicated FedRAMP engineering resources, ensuring regulatory requirements become shipped technical controls, automated evidence, and operationally sustainable processes. • Own POA&M governance, risk acceptance workflows, certification readiness reporting, and remediation planning across product and platform teams. • Ensure FedRAMP implementations are pragmatic, risk-based, technically grounded, and appropriately scoped for Filevine’s architecture, maturity, and business priorities. • Provide clear, consistent executive reporting on progress, risk, tradeoffs, dependencies, resourcing needs, and certification readiness. • Drive governance for vulnerability findings from scanning tools, penetration tests, customer reviews, audits, and bug bounty programs, including risk adjustment, remediation ownership, escalation, and executive tradeoff decisions. • Maintain a single source of truth for security/compliance status, control gaps, remediation commitments, and customer-facing trust claims. • Ensure trust center materials, customer security responses, sales enablement messaging, and public compliance claims are accurate, current, and defensible. • Translate privacy obligations and customer commitments into product, engineering, and operational requirements. • Support AI and data governance efforts by ensuring privacy, security, and customer trust requirements are reflected in product and operational decisions. • Drive alignment between compliance goals, engineering capacity, product strategy, customer commitments, and business risk.
Role Description This role’s mission & overview: Camps trust Campminder to keep their data safe, and that trust is what lets them focus on running a great summer. You'll own how we protect that data end to end: - Architecting and hardening our security infrastructure - Carrying our PCI and SOC2 programs through every audit - Setting the roadmap that keeps us ahead of real threats - Being the person the engineering org comes to on security - Defining what good looks like at Campminder As a Senior Cybersecurity Engineer on our Engineering team, you will: - Manage identity and access infrastructure, including Azure conditional access, Okta SSO, and Auth0, keeping MFA and zero-trust enforced across production and internal apps - Integrate security scanning (SAST, DAST, SCA) into CI/CD pipelines and drive remediation before code reaches production - Configure, tune, and harden WAF rules across our web applications - Own vulnerability scanning and remediation using tools like Mondoo and SecurityMetrics, and administer EDR, DLP, and SIEM/XDR tooling across servers and endpoints - Manage secrets and credentials in build pipelines, including vault-based storage, rotation, and least-privilege service accounts - Execute PCI technical controls: SAQ completion, quarterly ASV scans, and disaster recovery implementation - Harden containerized and cloud-native environments, including image scanning and Kubernetes configuration - Coordinate pen testing engagements and drive remediation against SLA timelines - Run security awareness training programs (KnowBe4, Security Journey) and maintain AI usage oversight, including approved tooling, code-gen governance, and supply-chain monitoring Qualifications - 5+ years in security engineering or DevSecOps, with hands-on ownership of both pipeline-level and infrastructure-level security - Experience configuring IAM and SSO platforms (Okta, Auth0) alongside cloud-native identity controls like Azure conditional access - Comfort embedding security directly into CI/CD workflows: SAST/DAST/SCA tooling, secrets management, and policy-as-code - A track record hardening containerized and cloud-native environments, including Kubernetes and image scanning - Experience executing PCI or similar compliance technical controls (scans, SAQs, evidence prep); program ownership isn't required, but you know how to translate auditor requirements into engineering work - Familiarity administering SIEM/XDR and EDR/DLP tooling - The judgment to triage real vulnerabilities over theoretical ones, and to know when to escalate versus fix directly - Experience running or supporting security awareness and training programs - Exposure to AI tooling governance, such as MCP inventories, code-gen release gating, or supply-chain monitoring for AI-assisted development Benefits - Robust medical, dental, and vision coverage options with generous employer contributions, plus a $500 employer HSA contribution for HSA-compatible plans - Ability to choose where you work - remotely, in the office, or a mix! - A variety of resources to support mental health and emotional well-being - 12 weeks of 100% paid parental leave for all new parents, including via adoption, surrogacy, and foster care - 401(k) with 4% company matching - Trust-Based (flexible) PTO (and yes, we use it!) - $900/year wellness allowance - Company-paid subscriptions, training, and support for using AI professionally and personally Company Description We know the best people can choose to work anywhere. Here’s a few reasons why 100+ of them choose Campminder: - With 20+ years experience of serving the industry through its digital transformation, we’re stable, profitable, and have developed a loyal customer base (that continues to grow). - We build software for summer camps, an industry that enables meaningful experiences for kids. - We work on interesting, ambitious projects that create real value for our clients. - We know our team members feel their work has an impact on the organization’s purpose. - We are genuinely committed to work/life balance. - We invest in emerging technology and cutting-edge leadership and are proud to take an "AI-Enabled" approach in our solutions. - We’ve been listed on Outside Magazine’s 50 Best Places to Work for 8 consecutive years for our values-led culture and employee experience.
This is a remote position.
Role Description We are seeking an experienced Cybersecurity Assessment & Authorization (A&A) Subject Matter Expert (SME) to support Department of Defense (DoD) cybersecurity programs. The A&A SME will lead Risk Management Framework (RMF) activities, support the Authorization to Operate (ATO) lifecycle, and provide expert guidance on cybersecurity compliance for complex enterprise environments, including traditional IT, cloud-hosted systems, operational technology (OT), applications, and outsourced IT services. The position requires expertise in NIST SP 800-53, DoD cybersecurity policies, and enterprise risk management. Key Responsibilities - Serve as the cybersecurity SME for Assessment & Authorization (A&A) and RMF activities. - Lead and support the development, review, and maintenance of RMF authorization packages, including SSPs, SARs, POA&Ms, and ATO documentation. - Assess security controls in accordance with NIST SP 800-53 and DoD cybersecurity requirements. - Evaluate vulnerabilities, determine residual risk, and recommend risk mitigation strategies to support authorization decisions. - Conduct security control assessments and continuous monitoring activities to maintain system authorization. - Support enterprise cybersecurity compliance for on-premises, cloud, and hybrid environments. - Advise Information System Owners (ISOs), ISSMs, ISSOs, engineers, and Authorizing Officials throughout the RMF process. - Prepare executive-level briefings and communicate cybersecurity risks, authorization status, and remediation recommendations to senior leadership. - Ensure compliance with DoD cybersecurity policies, DISA STIGs, and applicable federal security standards. Qualifications - Minimum five (5) years of relevant experience in Assessment & Authorization (A&A), Certification & Accreditation (C&A), Risk Management Framework (RMF), and NIST cybersecurity compliance within a DoD environment. - Demonstrated experience conducting security control assessments and authorization reviews for large, complex organizations. - Strong knowledge of NIST SP 800-53, DoDI 8510.01, DoD RMF, continuous monitoring, and cybersecurity governance. - Excellent analytical, technical writing, communication, and briefing skills. Requirements - Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field (or equivalent experience, if permitted by contract). - DoD 8570/8140 Baseline Certification – IAM Level III (e.g., CISSP, CISM, GSLC, or equivalent approved certification). Benefits - 401(k) - Dental insurance - Health insurance - Paid time off - Vision insurance Company Description This is a remote position.
• Lead efforts that are focused on protecting patients, our employees, and Aledade as a whole • Develop the IAM team and roadmap by working closely with various departments • Manage key threats and risks • Collaborate with cross-functional partners to increase the impact of the team’s work • Work closely with company-wide leaders to drive excellence in processes and systems
At Bluestaq, we build secure data platforms that matter for space missions, national defense, healthcare systems, and commercial innovation. Founded in 2018, we've become a leader in enterprise software and secure data management. Recognized as one of Inc. Magazine's Fastest-Growing Private Companies. Consistently ranked among Colorado's Best Workplaces.
Role Description NSPM-11 directs the national security enterprise to adopt AI fast and assure it across the full stack, down to the data pipeline. We are hiring a Principal AI Engineer, AI Security to build agentic and mission AI on the Bluestaq platform. You will prove it secure and resilient from design through deployment. This is a senior individual-contributor role with a player-coach path. You will deliver hands-on now and stand up and lead a small AI team as the work grows. You will be the AI technical authority across the full lifecycle, from shaping bids to assuring what we deliver. What you'll do - Serve as the AI Security technical authority on captures and bids. - Translate mission-owner AI and AI-security requirements into solutions that win. - Build credibility with technical buyers across the IC, DoD, and partners. - Own AI-assurance/security roadmap for the platform, spanning model security, runtime protection, and threat modeling for AI built on Bluestaq data. - Partner with engineering to embed assurance by design. - Design and assure AI for environments mission owners operate in, including disconnected, classified, and air-gapped settings. - Threat-model AI systems against significant attacks: adversarial inputs, model extraction and distillation, data and supply-chain poisoning, and agentic or tool-use abuse. - Establish and carry the external voice on secure AI for national security through talks, writing, and demonstrated technical work. - Ensure delivered AI meets the assurance, TEVV, and supply-chain standards mission owners depend on. - Connect AI-security work into Bluestaq's broader AI platform. - Stay ahead of AI/ML advances and bring in the ones that offer real advantage. - Coach mission owners and non-technical stakeholders on realistic AI capabilities. - Spot gaps in Bluestaq's AI tooling, skills, or process and drive proposals that close them. - Hire and lead a small AI team as the pipeline grows. Qualifications - Five or more years across AI security architecture, AI/ML engineering, or a closely related combination. - Hands-on experience securing modern AI systems: LLMs, retrieval-augmented generation, and agentic or tool-using architectures. - Working command of the AI threat landscape and practical countermeasures. - Cloud security depth, AWS preferred. - Ability to translate AI risk for different stakeholders. - The seniority to own a domain, set standards, and influence engineering decisions. - U.S. citizenship and the ability to obtain and maintain a U.S. government security clearance. Requirements - Active TS/SCI. - A public technical record in AI security: research, conference talks, open tooling, red-team writeups, or sustained content. - Experience delivering and assuring AI in regulated or government environments. - Familiarity with the federal AI assurance landscape, including NIST AI RMF, TEVV, and the NSPM-11 mandate. - Secure AI/ML supply-chain experience: model and dataset provenance, third-party model risk, and the equivalent of an SBOM for models. - Experience standing up an AI or AI-security capability from zero and growing a team into it. Education - Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent experience. - Advanced degree preferred. Required Location & Travel This position is remote, open to candidates based in Colorado or Virginia, with up to 12 trips per year to customer, partner, or government sites, including secure facilities. Salary Range (CO) $200,000 — $300,000 USD Clearance Requirement This position may require the ability to obtain a TS/SCI Clearance. To be eligible for a security clearance, U.S. citizenship is required, and an employee must agree to participate in a background screen and credit check. Relocation This position does not offer relocation. Candidates must live in the immediate area or relocate at their own expense. Date the Position Closes Applications will be accepted for 60 days beyond the posting date, or until the position is filled, whichever comes first. Company Description At Bluestaq, we build secure data platforms that matter for space missions, national defense, healthcare systems, and commercial innovation. Founded in 2018, we've become a leader in enterprise software and secure data management by staying focused on what counts: modern architecture, operational excellence, and mission impact. We're engineers, problem-solvers, and builders who take the mission seriously, but not ourselves. We automate the repeatable, question the status quo, and design systems that are as reliable as they are scalable.
Molina Healthcare is a Fortune 500 managed care company with a storied history that dates back to 1980 and the opening of a medical clinic by Dr. C. David Molina. As an employer, M
Role Description This role provides dedicated engineering ownership for Molina’s Secure Access Service Edge (SASE) platform and enterprise data protection capabilities, with supporting responsibility for endpoint resilience technologies such as Dell Absolute. The position is responsible for the design, stability, and operational effectiveness of secure access and data protection services that are critical to workforce access, vendor connectivity, and regulatory compliance. Key Responsibilities - Serve as the primary technical owner for Molina’s SASE / Secure Access platforms. - Design, implement, and maintain secure access policies for workforce, third‑party, and application access. - Lead troubleshooting, root‑cause analysis, and remediation of SASE‑related production issues. - Manage vendor escalations, upgrades, and roadmap alignment. - Assist on supporting Microsoft Purview Data Loss Prevention (DLP), sensitivity labeling, and cloud data controls. - Provide engineering oversight for endpoint persistence and recovery technologies (e.g., Dell Absolute) to ensure devices remain recoverable and enforceable. - Develop standards, documentation, and runbooks; support audit and compliance activities. - Develop AI Automation. Qualifications - Bachelor's Degree. - 5-7 years of experience in security engineering. - Strong experience with SASE / Secure Web Gateway technologies, preferably Zscaler. - Working knowledge of data protection / DLP, preferably Microsoft Purview. - Experience with endpoint persistence or recovery platforms such as Dell Absolute (or equivalent). - Experience working in a regulated enterprise environment. - Industry certifications preferred. Benefits - Molina Healthcare offers a competitive benefits and compensation package. - Molina Healthcare is an Equal Opportunity Employer (EOE) M/F/D/V.
Litigation finance to contingency law firms of all sizes. Focused on providing law firm funding.
• Lead enterprise IT operations, infrastructure, cloud services, and cybersecurity • Own the full lifecycle of IT operations and information security • Manage on-prem network and servers (VLANs, firewalls, DNS/DHCP) and the Azure Government / M365 GCC High environment • Administer hybrid identity (AD / Entra ID): provisioning, access reviews, MFA, PIM • Oversee Tier 2/3 support, onboarding, and hardware lifecycle to SLA targets • Lead IT projects and migrations; manage vendors, licensing, and assets • Own the CMMC Level 2 / NIST SP 800-171 program • Report posture, risk, and budget performance to leadership
ServiceNow provides cloud-based services that automate enterprise information technology operations. As an employer, ServiceNow offers a challenging, collaborat
Company Description It all started when engineer Fred Luddy wrote code that automated a tedious task for his coworker, Phyllis. She cried tears of joy. That moment inspired Fred to build a company that could do that for everyone-freeing people from busywork so they could focus on meaningful work. Today, ServiceNow is the AI control tower for business reinvention. Our ServiceNow AI platform brings together any AI, any data, and any workflow- helping 85% of the Fortune 500® work smarter, faster, and better. We're building an AI-native culture where technology and talent are unstoppable together. And we're just getting started. Join us to put AI to work for people. Job Description The ServiceNow Security Organization (SSO) The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact About the role ServiceNow seeks a senior staff-level product security engineer to serve as a senior technical authority within the Product Security Incident Response Team (PSIRT). PSIRT is ServiceNow's awareness, response, and investigation capability for post-release vulnerabilities in ServiceNow-developed products and service offerings. This role is for a recognized expert who can operate independently and as part of a team on the most significant security issues facing the platform-vulnerabilities that require evaluating intangibles. You will lead deep-dive investigations, coordinate resolution across engineering, product, and release teams, and demonstrate calm, decisive leadership during significant security events. This is a role for someone who already understands product development cycles and the engineering and product relationships that drive them-and will use that fluency to lead fixes to completion under incident pressure. You will help shape how ServiceNow responds to product security vulnerabilities at scale and the technical rigor of the entire response capability. Key Responsibilities Lead Through Significant Security Events - Provide additional response coverage outside of normal working hours for significant product vulnerabilities as they emerge. - Demonstrate technical and organizational leadership during these events-bringing structure and clear decision-making under pressure. - Partner with incident commanders, business information security leadership, engineering, and customer-facing teams to maintain clear ownership, workstream prioritization, and hand-offs during these events. Reduce Exposure Window - Drive coordinated response across affected releases, balancing risk and remediation feasibility. - Leverage an understanding of product development cycles and engineering/product partnerships to move fixes through the release pipeline without stalling on organizational boundaries. - Verify fix completeness and guard against incomplete mitigations before release. Drive the CVE & Coordinated Disclosure Process - Lead ServiceNow's CVE disclosure process-owning CVE assignment, scoring, advisory content, and publication timing. - Collaborate with external security partners, vendors, and researchers on coordinated disclosures, aligning timelines and messaging across parties. - Conduct technical accuracy reviews of external advisories, researcher write-ups, and joint disclosure content to ensure correctness before publication. - Represent PSIRT's technical position in multi-party coordinated disclosures and researcher engagements. Pursue After-Action Outcomes & Continuous Improvement - Author postmortems and drive lessons learned to closure following product security incidents. - Participate in retrospectives following significant product security events, translating findings into concrete process and technical improvements. - Contribute to partner teams tracking product security risk themes and trends across the portfolio. - Contribute to SDLC improvement areas, feeding incident learnings upstream into secure development practices. Qualifications Qualifications - Minimum 12 years of related experience with a Bachelor's degree; or 8 years with a Master's degree; or a PhD with 5 years of experience; or equivalent experience. - Minimum 5 years of auditing source code for security vulnerabilities. - Demonstrated leadership during significant security events or major incidents, with willingness to participate in on-call. - Ability to read and comprehend Java and JavaScript code. - Strong understanding of common Java and JavaScript vulnerabilities. - Proficiency in scripting in both Python and JavaScript for data gathering, processing, and visualization. - Development of proof-of-concept exploits for web application vulnerabilities. - Written and verbal communication of complex security risk clearly to both technical teams and leadership. - Experience with leading fix implementation and release coordination across engineering, product, and test/release teams. - Proficiency in deep-dive product security investigations and root-cause analysis spanning design, code, configuration, and operational layers. - Exploit analysis and proof-of-concept development that distinguishes real exploitability from theoretical risk. - Familiarity with SDLC integration, CI/CD pipelines, SaaS threat models, and secure development practices. - Experience leading a CVE disclosure process, including CVE assignment, scoring (CVSS), and advisory publication. Preferred Qualifications - Experience in a PSIRT or similar function for a major software or SaaS platform. - Recognized expertise in product security incident response, vulnerability research, or application security within a software or SaaS environment. - Experience conducting vulnerability assessments on the ServiceNow platform. - Experience with emerging threats: AI-specific attack vectors, software supply chain security, and SDLC tooling security. - Experience with cloud infrastructure (AWS, Azure, GCP) and containerized environments. - Relevant security certifications (e.g., OSWE) or demonstrated equivalent expertise. #SecurityJobs For positions in this location, we offer a base pay of $201,300 - $352,300, plus equity (when applicable), variable/incentive compensation and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, ESPP, matching donations, a flexible time away plan and family leave programs. Compensation is based on the geographic location in which the role is located and is subject to change based on work location. Additional Information Work Personas We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here . To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service. Equal Opportunity Employer ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. Accommodations We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance. Export Control Regulations For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license.
Peoplebank provides comprehensive IT and digital recruitment services for both talent and clients, offering a range of contract staffing, permanent placements,
Title: Senior-Security-Engineer | www.peoplebank.com.au Location: Canberra Australia Job Description: Work Type: Contract Industry: Cyber / Information Security Our client is currently seeking a highly skilled Senior Security Engineer to join their cybersecurity team. This is a contract role commencing ASAP for an initial period of 12 months, with 2X12 months extension options. The role offers a hybrid work arrangement, requiring attendance at the office for two days per week, with flexible work options across various locations including Queensland, Western Australia, Australian Capital Territory, Victoria, New South Wales, Northern Territory, South Australia, and Tasmania. As the selected candidate, you will: - Design, implement, and configure security controls across cloud and enterprise environments, including tools such as Microsoft Sentinel, Microsoft Defender suite, Entra ID, and endpoint security solutions. - Work closely with the architecture team to embed security best practices into solution design and deployment processes. - Integrate security measures into CI/CD pipelines, ensuring secure pipeline design, parameter handling, and vulnerability scanning. - Develop and manage security controls using Infrastructure as Code (IaC) tools such as Bicep, ARM templates, or Terraform, supported by scripting in PowerShell or Python for automation. - Configure, tune, and maintain security monitoring platforms, including threat detection, analytics rules, and automation playbooks in Microsoft Sentinel. - Conduct vulnerability assessments, manage third-party dependencies, and prioritise remediation activities based on risk and impact. - Support incident response efforts, including root cause analysis, threat hunting, and implementing remediation measures. - Ensure compliance with organisational cybersecurity policies through regular audits and checks. - Develop threat intelligence reports and contribute to proactive threat hunting to identify and mitigate emerging threats. To be successful in this role, you should have: - Extensive hands-on experience in cybersecurity operations, including security monitoring, incident response, and threat analysis in enterprise environments. - Proven experience integrating security controls into CI/CD pipelines, particularly using Azure DevOps. - Strong knowledge of cloud security, including configuring and managing Microsoft Azure services such as Microsoft Sentinel, Microsoft Defender, Entra ID, and Intune. - Expertise in Infrastructure as Code (IaC) to automate deployment of security controls, with proficiency in tools like Bicep, ARM templates, Terraform, and scripting languages such as PowerShell or Python. - Excellent problem-solving skills, with the ability to troubleshoot and resolve security issues swiftly, often under pressure. - Ability to translate business requirements into effective, secure technology solutions and evaluate alternative options when necessary. - Demonstrated capacity for critical thinking, analytical skills, and proactive security threat management. It is desirable if you have: - Prior experience working within government or highly regulated environments. - Relevant security certifications such as CISSP, CISM, or Azure Security Engineer Associate. Due to security clearance requirements for this role, candidates must be Australian who hold current Baseline/NV1 Security Clearances. Apply now for immediate consideration – contact Param Kaur on 02 6268 9781 quoting Job Reference: # 270734 Please note: Only candidates that meet the above criteria will be contacted. Thank you for your interest in the position. Please note that Aida, our after-hours AI conversational screening assistant, may be used as part of the initial application process. Peoplebank and Leaders IT are committed to creating a diverse and inclusive workplace where everyone belongs. We welcome applications from people of all backgrounds, identities, and experiences. If you need adjustments to the recruitment process due to your circumstances, please let us know—we’re here to support you.
3,891more opportunities are still waiting for you.Log in now and take your next shot before someone else does.
AI, Cloud, Cyber Security, Azure, Observability/Monitoring, Python