Skip to content
Scale AIScale AIWashington, DC

Technical Assurance Lead

Lead public sector compliance and Security Risk Management A&A programs for Scale's AI infrastructure products. Own FedRAMP, DoD IL4/5/6, NIST, CMMC, and RMF controls, gap analysis, evidence collection, POAMs, and external audits while partnering cross-functionally with engineering, security, and legal teams.

Salary not listed
On-site7+ YOESecurity Engineering

About the role

Responsibilities

  • Lead public sector compliance programs (e.g., FedRAMP HIGH, DoD SRG IL4/IL5/IL6, NIST 800-53/800-171, CMMC, and RMF), owning controls mapping, gap analysis, evidence collection, ATO packages, and certification timelines, including coordination with 3PAOs and external assessors.
  • Oversee Security Risk Management A&A processes, including cloud system risk assessments, POAM development and tracking, vulnerability management, STIG implementation, and security configuration oversight.
  • Drive cross-functional control implementation by partnering with product, engineering, security, operations, legal, and people ops to deploy technical, administrative, and operational controls.
  • Set priorities and cadences for intake, evidence collection, remediation tracking, and deadline management, and reporting program health and risks to the Head of Global Assurance.
  • Manage external relationships with auditors, assessors, certification bodies, and regulatory counterparts to achieve and sustain compliance outcomes.
  • Maintain system security documentation and GRC tooling, including continuous updates to security documentation and uploading control evidence to eMASS or Xacta throughout the monitoring phase.
  • Lead compliance reviews for new products and features, and proactively advise the business on emerging certification programs, regulatory changes, and evolving requirements.
  • Maintain and expand Scale's certification portfolio, including SOC 2, ISO 27001, ISO 42001, and ISO 9001, working with the global GRC team on renewals and new certifications.
  • Support customer and stakeholder assurance activities, including security questionnaires, due diligence responses, compliance input to bids, and customer-facing assurance discussions.

Requirements

  • Active US Top Secret security clearance with minimum IAT Level 2 certification (Security+, CASP, or similar).
  • 7+ years of experience in security compliance, technology audit, GRC, cloud security, or related roles, with meaningful exposure to the public sector markets.
  • Experience implementing and maintaining some of the following frameworks and standards: FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, NIST 800-53.
  • Deep familiarity with one or more of: STIG/RMF policy knowledge & implementation, including validating compliance via ACAS and other relevant tests, ISO 27001, ISO 9001, ISO 42001, SOC 2, or equivalent frameworks.
  • Experience in project management and taking projects from conception to launch.
  • Ability to translate between business and technical risk and communicate clearly to leadership.
  • Experience managing controls mapping, evidence collection, remediation tracking, and audit coordination across distributed engineering and infrastructure teams.
  • Experience with cloud environments (one or more of: AWS, Azure, GCP) and the ability to assess cloud architecture against compliance requirements.
  • Strong communication skills, sound judgment on escalation, and the ability to operate autonomously while maintaining alignment with a global program.

Nice-to-Haves

  • Bachelor’s degree in accounting, information systems, computer science, or a related field.
  • Relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor, ISO 42001 Internal Auditor, or CCSP.
  • Experience at a high-growth technology company.

Skills

FedRAMPDod SrgNist 800-53Nist 800-171CmmcRmfStigPoamEmassXactaAWSAzureGCPISO 27001SOC 2
Snowflake

Senior Software Engineer

SnowflakeBellevue, WA +1

Senior Software Engineer building Snowflake's core identity, access management, and AI-native security infrastructure for the Data Cloud. Design secure agent workflows, IAM systems, encryption, and policy enforcement tooling at massive scale.

200k – 288k
Hybrid5+ YOESecurity Engineering
Anthropic

Software Security Engineering Manager, Secure Frameworks

AnthropicSan Francisco, CA +1

Lead the Secure Frameworks Research team at Anthropic to build high-leverage security libraries and frameworks (cryptographic, serialization, authorization) that prevent vulnerabilities in AI model development. Manage engineers, drive adoption across teams, and balance security rigor with development velocity; requires 5+ years security/software engineering and 3+ years managing security teams.

405k – 485k
Hybrid8+ YOESecurity Engineering
Forus

Founding Security Engineer

ForusNew York, NY

Founding Security Engineer owning cloud (AWS/GCP), product, AI data, detection/response, and compliance (HIPAA/SOC 2) for a healthcare AI platform handling PHI at scale. Requires 7+ years security engineering on strong SWE foundation, hands-on IaC, and multi-domain expertise.

Salary not listed
On-site7+ YOESecurity Engineering
Flexport

Manager, Supply Chain Protection & Loss Intelligence

FlexportMiami, FL

Manager responsible for global supply chain protection, loss prevention, and physical security programs at Flexport. Oversees 50+ security officers, electronic systems (CCTV/access control), data-driven investigations, policy/SOP authoring, and new facility stand-up across offices and fulfillment centers.

Salary not listed
On-site8+ YOESecurity Engineering
Crusoe

Physical Security Manager

CrusoeDallas, TX

Lead day-to-day operations of Crusoe's 24/7 Global Security Operations Center (GSOC), overseeing monitoring, incident response, intelligence, and crisis management to protect facilities and infrastructure. Requires experience building high-performing teams, driving operational maturity, and ensuring compliance in a fast-growing environment.

Salary not listed
On-site7+ YOESecurity Engineering