Distinguished Security Engineer – FedRAMP

3 Months ago • 15 Years + • Cyber Security

Job Summary

Job Description

Saviynt is seeking a Distinguished Security Engineer focused on the FedRAMP program. This role involves leading technical and Governance, Risk and Compliance (GRC) efforts, scaling InfoSec and GRC functions, and managing projects in an Agile environment. The engineer will be responsible for developing System Security Plans (SSP), driving FedRAMP audits, reviewing security documentation, and serving as the Governance POC. Key duties include identifying governance requirements, assessing risks, liaising with cross-functional teams, executing compliance assessments, drafting security policies, automating GRC processes, performing vulnerability scans, and supporting customer compliance queries. The position also involves defining project scope, developing work products, conducting risk assessments, and optimizing security questionnaire processes.
Must have:
  • U.S. Citizenship
  • Bachelor's degree or equivalent experience
  • 15+ years of experience
  • Knowledge of U.S. Federal Government security compliance and risk management
  • Experience with NIST RMF and NIST SP 800-53 Rev 5
  • Experience with vulnerability scanning and remediation
  • Experience managing Agile projects
  • Excellent written and oral communication skills
Good to have:
  • Experience with GRC tools and automation
  • Experience with common controls framework
  • Knowledge of current trends/technologies (Zero Trust, AI/ML, PAM)
  • Experience developing executive level presentations
  • Experience assessing project and technical documentation for compliance
  • Experience supervising or managing an Agile project team
  • Experience defining project scope and objectives
  • Experience with continuous monitoring and POA&M
  • Knowledge of HIPAA, FedRAMP, and GDPR/privacy
  • Experience with ISO 27001, PCI-DSS, SOC 1, SOC 2 is a plus

Job Details

Saviynt’s Enterprise Identity Cloud helps modern enterprises scale cloud initiatives and solve the toughest security and compliance challenges in record time. The company brings together identity governance (IGA), granular application access, cloud security, and privileged access (PAM) to secure the entire business ecosystem and provide a frictionless user experience. The world’s largest brands trust Saviynt to accelerate digital transformation, empower distributed workforces, and meet continuous compliance.

The Distinguished Security Engineer, Information Security, reports into Information Security leadership, and will lead various Technical and Governance, Risk and Compliance (GRC) efforts as they relate primarily to the FedRAMP Program.

The candidate will possess the ability to execute, scale, and continuously evolve the InfoSec and GRC functions to maximize the impact and oversight across the organization. The candidate must be comfortable managing projects in an Agile environment.

The candidate should be familiar with policy and compliance requirements, including policy documentation and system requirements to successfully respond to potential audits.

1. Prior experience working as a hands on Security Architect or Engineer. Solid understanding of cloud (AWS, Azure), containers and Kubernetes environments, and applications
2. Lead the evaluation and integration of security technologies, ensuring scalability, resilience, and compliance. as it pertains to FedRAMP environments
3. At least Senior Engineer level experience and practical hands-on working knowledge of secure solutions for cloud (AWS, Azure), containers and Kubernetes environments and applications
4. Ability to independently run vulnerability scans, triage results, establish exploitability of reported vulnerabilities, recommend risk mitigation controls, and deploy controls where needed
5. Ability to recommend monitoring enhancements needed, and evaluate detection alerts at a high level


WHAT YOU WILL BE DOING

  • Serve as the lead for Saviynt’s FedRAMP Info Sec and Compliance related activities
  • Taking Saviynt through FedRAMP certification and re-recertification journey
  • Develop System Security Plans (SSP), drive FedRAMP audit work with support from cross functional team members
  • Lead monthly ConMon discussions, especially the technical aspects
  • Review security documentation/artifacts such as audit reports, gap analysis reports, POA&Ms, etc.
  • Serve as the Governance POC both internally and externally.
  • Identify governance or compliance requirements, assess risks, review required forms
  • Serve as liaison across cross functional teams to help achieve Info Sec objectives. Proactively work with cross functional peers to establish InfoSec requirements and expectations, so that compliance checks provide assurance for implemented controls
  • Accountable for the execution of various compliance assessments throughout the year, primarily FedRAMP related audits. Ability to extend to other audits such as ISO 27001, PCI-DSS, SOC 1, SOC 2 is a plus
  • Draft and update key security documentation including policies, guidance documents, Contingency Plan, Incident Response Plan, etc.
  • Help automate GRC inefficiencies through automation and improved workflows.
  • Perform vulnerability scanning and provide remediation guidance as needed.
  • Have a working knowledge of the NIST CSF and RMF frameworks
  • Support customer requests as they pertain to Compliance queries and to other Information Security questions, with the support of technical Info Sec members
  • Develop and update Policies, Standards and Procedures per the organization’s policy framework
  • Establish and lead risk management activities, including identification of risk and recommended mitigations; track and manage risks and issues from identification through closure.
  • Establish and maintain appropriate metrics that will help measure the GRC posture of the company
  • Collaborate with key stakeholders to ensure successful execution of mission and business needs
  • Execute on GRC initiatives as defined within the security roadmap, while working with the broader Information Security team and technology teams
  • Conduct risk assessments, compile risk registers, and track risk remediation plans
  • Respond to requests from customers for information on our security measures
  • Completing vendor security reviews. Optimize and automate the security questionnaire process.
  • Review security clauses in customer and vendor contracts
  • Establish, review, and enhance security training and awareness programs
  • Support the business with customer engagements, including attending customer calls and supporting sales teams

WHAT YOU BRING

  • U.S. Citizenship: Applicants must be United States citizens.
  • Bachelor's degree or equivalent experience with a minimum of 15 years of experience
  • Knowledge of U.S. Federal Government security compliance, risk management processes and requirements, including NIST RMF and NIST SP 800-53 Rev 5 controls
  • Experience with GRC tools and automation is a plus
  • Experience with common controls framework, unified control framework (UCF) is a plus
  • Knowledge of current trends/technologies (i.e., Zero Trust, AI/ML, PAM, etc.) is a plus
  • Experience with vulnerability scanning, remediation, and continuous monitoring (ConMon)
  • Experience managing Agile projects with a focus on duties related to Product Owner
  • Experience developing executive level presentations to support Governance and broader Information Security updates to appropriate audiences
  • Experience assessing project and technical documentation to ensure compliance with established policies, processes, and procedures.
  • Requires sufficient technical background to be able to interpret audit and compliance requirements, and be able to support basic evidence gathering needs in support of audits
  • Ability to provide excellent written and oral communications by email, presentations, and mobile communication platforms (including: experience facilitating discussions, briefing senior managers, and conducting project meetings).
  • Experience supervising or managing an Agile project team.
  • Work on multiple projects and tasks concurrently
  • Experience defining project scope and objectives, developing detailed work products (schedules, status reports, etc.), conducting project meetings, and owning responsibility for project tracking and analysis.
  • Experience with continuous monitoring and Plans of Actions and Milestones (POA&Ms) is a plus
  • Knowledge of local legal and regulatory security requirements including HIPAA, FedRAMP, and GDPR/privacy
  • Flexible and collaborative approach to enabling and supporting the business
  • Strong stakeholder and relationship management skills

The candidate must:

  • Meet US persons on US soil requirements
  • Undergo full background investigation/screening
  • Undergo IAL3 requirements (Identity proofing to include I-9 document verification, biometric collection, and mailing address confirmation)


\n

If required for this role, you will:

- Complete security & privacy literacy and awareness training during onboarding and annually thereafter

- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):


> Data Classification, Retention & Handling Policy

> Incident Response Policy/Procedures

> Business Continuity/Disaster Recovery Policy/Procedures

> Mobile Device Policy

> Account Management Policy

> Access Control Policy

> Personnel Security Policy

> Privacy Policy


Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!


Saviynt is an equal opportunity employer and we welcome everyone to our team.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Similar Jobs

Ramboll3 - Design Engineer Structural Towers & Telecom

Ramboll3

Hyderabad, Telangana, India (On-Site)
2 Weeks ago
PwC - EU Innovation Project Consultant

PwC

Athens, Greece (Hybrid)
1 Month ago
Zenoti - Gainsight Administrator

Zenoti

Hyderabad, Telangana, India (On-Site)
2 Months ago
PwC - Senior Associate - Capital Project & Infrastructure

PwC

Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)
9 Months ago
Eventbrite - Senior Product Manager, Creator Acquisition

Eventbrite

Madrid, Community Of Madrid, Spain (On-Site)
3 Days ago
Nice - Information Security Engineer

Nice

Manila, Metro Manila, Philippines (Hybrid)
3 Weeks ago
Aledade - Staff Security Engineer (IAM)

Aledade

United States (Remote)
5 Months ago
NVIDIA - Intellectual Property Security Engineer

NVIDIA

Bengaluru, Karnataka, India (On-Site)
3 Months ago
Rackspace Technology - Sr. Cloud Security Engineer

Rackspace Technology

United States (Remote)
2 Days ago
Roblox - Senior Security Operations Analyst

Roblox

San Mateo, California, United States (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

FalconX - Lead Executive Assistant and Office Manager

FalconX

San Francisco, California, United States (On-Site)
1 Month ago
Capgemini - Presales Power Platform Architect

Capgemini

Chennai, Tamil Nadu, India (On-Site)
1 Month ago
Unity - Business Strategy Analyst

Unity

Tel Aviv-Yafo, Tel Aviv District, Israel (On-Site)
2 Months ago
Zuru - Influencer Research Executive

Zuru

Ahmedabad, Gujarat, India (On-Site)
1 Year ago
Alpha Sense - Cash Analyst

Alpha Sense

New York, New York, United States (On-Site)
1 Week ago
Realworld one - Senior Account Manager

Realworld one

Freiburg, Lower Saxony, Germany (On-Site)
9 Months ago
Accenture - Enterprise Performance Management - Manager

Accenture

Pune, Maharashtra, India (On-Site)
1 Week ago
Tesla - Dual Master's Sustainable Battery Production Engineering (M.Eng.)

Tesla

Brandenburg, Germany (On-Site)
5 Months ago
Ruselle Investments - Sales Support Analyst

Ruselle Investments

Mumbai, Maharashtra, India (On-Site)
2 Days ago
London stock Exchange - Senior Lead DevOps Engineer

London stock Exchange

Bangkok, Thailand (On-Site)
2 Weeks ago

Get notifed when new similar jobs are uploaded

Jobs in Atlanta, Georgia, United States

Scout - Senior Manager, Charging

Scout

United States (Remote)
2 Weeks ago
Ziff Davis - Creative Strategy Lead

Ziff Davis

Los Angeles, California, United States (Hybrid)
3 Weeks ago
CookUnity - Brand Marketing Director, Organic Growth

CookUnity

New York, United States (On-Site)
3 Days ago
Discord - Account Manager, Media and Entertainment

Discord

Los Angeles, California, United States (On-Site)
1 Week ago
singularity 6 - Art Application Drop Box

singularity 6

United States (Hybrid)
1 Year ago
DraftKings - Senior Analyst, Digital Marketing

DraftKings

Boston, Massachusetts, United States (On-Site)
3 Months ago
Coherent corp. - Sr. Quality and Reliability Manager

Coherent corp.

Sunnyvale, California, United States (On-Site)
2 Months ago
Litmus - Partner Sales Engineer – Cloud & Industrial Analytics

Litmus

United States (Remote)
1 Month ago
VVater - Senior Water - Wastewater Engineer

VVater

Austin, Texas, United States (On-Site)
2 Months ago
Experian - Senior Cyber Forensic Investigator

Experian

Allen, Texas, United States (Hybrid)
1 Month ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

Roof Stacks - Senior Cyber Security Engineer

Roof Stacks

Istanbul, İstanbul, Türkiye (Remote)
6 Months ago
Optiv - Client Director - Cybersecurity Sales

Optiv

San Francisco, California, United States (On-Site)
1 Month ago
Any Desk - Network Security Engineer

Any Desk

Tampa, Florida, United States (Hybrid)
2 Months ago
Canonical - Staff Security Operations Engineer

Canonical

(Remote)
2 Months ago
Qualcomm - Software Security Engineer

Qualcomm

Farnborough, England, United Kingdom (On-Site)
2 Months ago
Patreon - Security Engineer

Patreon

United States (Hybrid)
3 Months ago
Roblox - Senior Application Security Engineer

Roblox

San Mateo, California, United States (Hybrid)
5 Days ago
bytedance - Backend Software Engineer - Network Security

bytedance

San Jose, California, United States (On-Site)
4 Months ago
London stock Exchange - Cyber Threat Intelligence Analyst

London stock Exchange

London, England, United Kingdom (On-Site)
2 Months ago
Rippling - Senior Infrastructure Security Engineer

Rippling

San Francisco, California, United States (On-Site)
2 Months ago

Get notifed when new similar jobs are uploaded

About The Company

Bengaluru, Karnataka, India (Hybrid)

Bengaluru, Karnataka, India (Hybrid)

Los Angeles, California, United States (Hybrid)

El Segundo, California, United States (Remote)

Bengaluru, Karnataka, India (Hybrid)

Warsaw, Masovian Voivodeship, Poland (Hybrid)

Bengaluru, Karnataka, India (Hybrid)

Bengaluru, Karnataka, India (Hybrid)

View All Jobs

Get notified when new jobs are added by Saviynt