Lead public sector compliance and Security Risk Management A&A programs for Scale's AI infrastructure products. Own FedRAMP, DoD IL4/5/6, NIST, CMMC, and RMF controls, gap analysis, evidence collection, POAMs, and external audits while partnering cross-functionally with engineering, security, and legal teams.
Salary not listed
On-site7+ YOESecurity Engineering
About the role
Responsibilities
Lead public sector compliance programs (e.g., FedRAMP HIGH, DoD SRG IL4/IL5/IL6, NIST 800-53/800-171, CMMC, and RMF), owning controls mapping, gap analysis, evidence collection, ATO packages, and certification timelines, including coordination with 3PAOs and external assessors.
Oversee Security Risk Management A&A processes, including cloud system risk assessments, POAM development and tracking, vulnerability management, STIG implementation, and security configuration oversight.
Drive cross-functional control implementation by partnering with product, engineering, security, operations, legal, and people ops to deploy technical, administrative, and operational controls.
Set priorities and cadences for intake, evidence collection, remediation tracking, and deadline management, and reporting program health and risks to the Head of Global Assurance.
Manage external relationships with auditors, assessors, certification bodies, and regulatory counterparts to achieve and sustain compliance outcomes.
Maintain system security documentation and GRC tooling, including continuous updates to security documentation and uploading control evidence to eMASS or Xacta throughout the monitoring phase.
Lead compliance reviews for new products and features, and proactively advise the business on emerging certification programs, regulatory changes, and evolving requirements.
Maintain and expand Scale's certification portfolio, including SOC 2, ISO 27001, ISO 42001, and ISO 9001, working with the global GRC team on renewals and new certifications.
Support customer and stakeholder assurance activities, including security questionnaires, due diligence responses, compliance input to bids, and customer-facing assurance discussions.
Requirements
Active US Top Secret security clearance with minimum IAT Level 2 certification (Security+, CASP, or similar).
7+ years of experience in security compliance, technology audit, GRC, cloud security, or related roles, with meaningful exposure to the public sector markets.
Experience implementing and maintaining some of the following frameworks and standards: FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, NIST 800-53.
Deep familiarity with one or more of: STIG/RMF policy knowledge & implementation, including validating compliance via ACAS and other relevant tests, ISO 27001, ISO 9001, ISO 42001, SOC 2, or equivalent frameworks.
Experience in project management and taking projects from conception to launch.
Ability to translate between business and technical risk and communicate clearly to leadership.
Experience managing controls mapping, evidence collection, remediation tracking, and audit coordination across distributed engineering and infrastructure teams.
Experience with cloud environments (one or more of: AWS, Azure, GCP) and the ability to assess cloud architecture against compliance requirements.
Strong communication skills, sound judgment on escalation, and the ability to operate autonomously while maintaining alignment with a global program.
Nice-to-Haves
Bachelor’s degree in accounting, information systems, computer science, or a related field.
Relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor, ISO 42001 Internal Auditor, or CCSP.
Senior Software Engineer building Snowflake's core identity, access management, and AI-native security infrastructure for the Data Cloud. Design secure agent workflows, IAM systems, encryption, and policy enforcement tooling at massive scale.
Lead the Secure Frameworks Research team at Anthropic to build high-leverage security libraries and frameworks (cryptographic, serialization, authorization) that prevent vulnerabilities in AI model development. Manage engineers, drive adoption across teams, and balance security rigor with development velocity; requires 5+ years security/software engineering and 3+ years managing security teams.
405k – 485k
Hybrid8+ YOESecurity Engineering
Founding Security Engineer
ForusNew York, NY
Founding Security Engineer owning cloud (AWS/GCP), product, AI data, detection/response, and compliance (HIPAA/SOC 2) for a healthcare AI platform handling PHI at scale. Requires 7+ years security engineering on strong SWE foundation, hands-on IaC, and multi-domain expertise.
Salary not listed
On-site7+ YOESecurity Engineering
Manager, Supply Chain Protection & Loss Intelligence
FlexportMiami, FL
Manager responsible for global supply chain protection, loss prevention, and physical security programs at Flexport. Oversees 50+ security officers, electronic systems (CCTV/access control), data-driven investigations, policy/SOP authoring, and new facility stand-up across offices and fulfillment centers.
Salary not listed
On-site8+ YOESecurity Engineering
Physical Security Manager
CrusoeDallas, TX
Lead day-to-day operations of Crusoe's 24/7 Global Security Operations Center (GSOC), overseeing monitoring, incident response, intelligence, and crisis management to protect facilities and infrastructure. Requires experience building high-performing teams, driving operational maturity, and ensuring compliance in a fast-growing environment.