
Security & Compliance Engineer
Posted 5 hours ago

Posted 5 hours ago
This is a fully remote position, open to applicants in United States.
• Assist in maintaining the daily security posture of systems and services across both cloud and on-premises environments.
• Evaluate vulnerability reports from scanners, penetration testing, and various assessments, and facilitate the remediation process to completion.
• Collaborate with infrastructure, platform, and engineering teams to ensure secure configuration, access control, logging, monitoring, and readiness for incidents.
• Aid in compliance and assessment efforts related to GovRAMP/FedRAMP, PCI DSS, internal audits, and third-party evaluations.
• Effectively utilize AWS security tools, support daily security operations, and assist in translating security and compliance requirements into actionable and sustainable operational results.
• Keep documentation, procedures, and other operational materials updated to align with the environment and current control expectations.
• A minimum of 3 years of experience in security engineering, security operations, infrastructure security, or security compliance.
• Practical experience in Linux-based production environments and securing Linux systems.
• Proficiency in securing AWS environments and utilizing services such as IAM, CloudTrail, GuardDuty, Security Hub, Config, Inspector, and KMS.
• Solid understanding of vulnerability management, configuration management, logging, monitoring, access control, and incident response methodologies.
• Experience with scripting in Python, Bash, PowerShell, or similar languages for automation, security operations, and reporting functions.
• Excellent written and verbal communication skills, with the capability to manage issues from discovery through to remediation across various teams.
• Experience in supporting regulated or highly audited environments is advantageous.
• Knowledge of GovRAMP, FedRAMP, PCI DSS, SOC examinations, or similar frameworks is a plus.
• Familiarity with reviewing scanner outputs, penetration test results, or security monitoring alerts and facilitating remediation is beneficial.
• Knowledge of POA&M tracking, exception handling, and remediation coordination is a plus.
• Experience working across both cloud and legacy infrastructures is an asset.
• Minimal travel: typically 2-3 weeks per year for on-site meetings.
• Technology-rich work environment.
Empower
Ollion
Morpho
Data & Society Research Institute
Get handpicked remote jobs straight to your inbox weekly.