[Remote] Senior /Principal Federal Security Engineer

Note: The job is a remote job and is open to candidates in USA. Saviynt is a leader in identity security, providing an AI-powered identity platform that safeguards digital assets for organizations. The Senior/Principal Federal Security Engineer will focus on detection, response, and vulnerability triage, managing the end-to-end lifecycle of threat management, particularly in relation to the FedRAMP Program.

Responsibilities

• Design and maintain high-fidelity detection rules and analytics across the security stack (SIEM, EDR, CNAPP/CSPM) and cloud environments (AWS, GCP, Azure)
• Ability to run vulnerability scans, triage results, establish exploitability of reported vulnerabilities, recommend risk mitigation controls, and deploy controls where needed
• Develop and refine automated response playbooks for Incident Response (IR) and orchestration (SOAR)
• Lead the evaluation and integration of security technologies, ensuring scalability, resilience, and compliance. as it pertains to FedRAMP environments
• Lead the Detection Lifecycle: Build and maintain our threat detection capabilities, from researching emerging TTPs to writing custom detection logic in our SIEM and EDR platforms
• Incident Response: Respond to alerts and triage findings coordinating across engineering, security, and leadership teams
• Modernize Vulnerability Management: Architect and maintain automation to prioritize vulnerabilities (from Code, to Containers, to Cloud) based on risk and exploitability.Automation: Operationalize security tasks by building, developing, and optimizing SOAR playbooks to automate containment and remediation
• Execute Proactive Threat Hunting: Design and lead hunt missions to identify threats that bypass traditional security controls, utilizing advanced forensics and log correlation techniques
• Industry Awareness: Incorporate industry news, events, IOCs, and other intelligence into our Detection and Response capabilities

Skills

• U.S. Citizenship: Applicants must be United States citizens
• Bachelor's degree or equivalent experience with a minimum of 10 years of experience in Security Engineering, Security Architecture, Federal Security or similar
• Knowledge of U.S. Federal Government security compliance, risk management processes and requirements, including NIST RMF and NIST SP 800-53 Rev 5 controls
• Experience with vulnerability scanning, remediation, and continuous monitoring (ConMon)
• Requires sufficient technical background to be able to interpret audit and compliance requirements, and be able to support basic evidence gathering needs in support of audits
• Ability to provide excellent written and oral communications by email, presentations, and mobile communication platforms (including: experience facilitating discussions, briefing senior managers, and conducting project meetings)
• Experience with continuous monitoring and Plans of Actions and Milestones (POA&Ms) is a plus
• Knowledge of local legal and regulatory security requirements including HIPAA, FedRAMP, and GDPR/privacy
• Flexible and collaborative approach to enabling and supporting the business
• Meet US persons on US soil requirements
• Undergo full background investigation/screening
• Undergo IAL3 requirements (Identity proofing to include I-9 document verification, biometric collection, and mailing address confirmation)
• Complete security & privacy literacy and awareness training during onboarding and annually thereafter
• Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to): Data Classification, Retention & Handling Policy, Incident Response Policy/Procedures, Business Continuity/Disaster Recovery Policy/Procedures, Mobile Device Policy, Account Management Policy, Access Control Policy, Personnel Security Policy, Privacy Policy

Company Overview