Description

So, what’s the role all about?

The purpose of this role is to support security stakeholders within the business by addressing increasing security and compliance requirements from our customers. Reporting to the DevOps Manager and would work closely with the Engineering Manager, and Security Manager your duties will range from answering data security questionnaires from existing customers or prospects, or working on new requirements stemming from certifications such as FedRAMP that we are actively seeking to acquire. As an engineering-focused role, there will be a significant hands-on element, with a particular emphasis on implementing and maintaining the technical controls necessary for FedRAMP compliance.

The role will also take responsibility for ensuring that security measures are applied according to our policies, and that compliance-related processes are followed correctly. This could involve configuring integrations with new security tooling, ensuring that security log scanning automation aligns with FedRAMP requirements, or preparing and sending regular vulnerability and compliance scanning reports.

A strong technical understanding of software and infrastructure development will be critical, as the role will involve frequent collaboration with engineers. It is expected that the candidate will develop a deep knowledge of the platform infrastructure, SDLC, and security policy framework, particularly with regard to FedRAMP controls. Hands-on experience configuring various security tools will be key.

Excellent written and verbal communication skills are paramount, as drafting clear and accurate replies to security and compliance-related questions from current and potential clients, will be a core part of the role. The ideal candidate will fully appreciate the sensitivity involved in handling both internal and external security audits, especially those focused on federal standards, and will need strong communication skills to manage these interactions effectively.

This role would suit someone with a background in software engineering or architecture who has transitioned into security, with an interest in or experience with FedRAMP compliance.

How will you make an impact?

Seek to understand the company data, infrastructure, and software architecture, especially related to our SDLC and security touch points, with an emphasis on compliance-related requirements. 
Investigate and make recommendations to strengthen our security posture across data, SDLC, and infrastructure, particularly in relation to compliance frameworks like FedRAMP. 
Work with stakeholders to respond promptly to security-related questions or questionnaires from clients or prospects, ensuring compliance with industry standards and frameworks, including FedRAMP when applicable. 
Ensure the tech security landscape is fully understood and communicate any significant changes or developments to stakeholders and decision-makers. 
Hands-on work with integrating security tooling and systems when required, ensuring alignment with security policies and applicable regulatory frameworks. 
Perform ad-hoc investigations into security issues, including those that could impact regulatory compliance. 
Develop, track, and regularly report on security metrics and KPIs for the platform, ensuring they reflect key compliance requirements. 
Provide advice and support on security concerns to any interested parties within the organization, helping ensure the implementation of necessary controls. 
Use security tooling to prepare and send vulnerability reports regularly, ensuring that reporting is in line with our compliance obligations. 
Collaborate with finance and stakeholders when appropriate on the procurement of security-related software tools. 
Work with stakeholders to identify and address security process or policy gaps, including those related to compliance with regulatory standards like FedRAMP.

Have you got what it takes?

5+ years in a hands-on security or software engineering-related role. 
A technical background rather than a pure compliance background is preferable, with experience in compliance frameworks such as FedRAMP, NIST-800-53, ISO 27001, SOC 2 Type 2, PCI DSS, HIPAA, etc. 
Experience responding to data security questionnaires and ensuring compliance with industry standards. 
Experience investigating and addressing software or infrastructure security issues, with some focus on regulatory or compliance-driven requirements. 
Strong understanding of software development and infrastructure common practices, especially related to the SDLC. 
Hands-on experience with security software and tooling, including those supporting compliance efforts. 
Proven ability to communicate security concepts to senior stakeholders in both written and oral form. 
Understanding of relational databases and security best practices, including those relevant to compliance frameworks. 
Familiarity with ETL, data warehouse, and reporting systems, and related security practices. 
Knowledge of AWS services and security tools would be advantageous, especially in supporting compliance initiatives. 

Education

Any Graduate