We need a Security Engineer.Do your friends treat you as the go-to for their security questions, and do you get a little satisfaction from finding the vulnerability everyone else missed? Are you happiest with your hands on the tools, automating scans, hardening pipelines, and turning a wall of findings into a prioritized plan of attack? If you'd like to put your technical skills and security instincts to work protecting systems that matter, then stop thinking about it and apply!
Come join us if you're motivated to learn from others, to learn from mistakes, to be part of a future-looking and growth-oriented team.
Let's go Skyward together.
What you'll do:- Join the team supporting the Centers for Medicare & Medicaid Services (CMS) as it merges and modernizes its enterprise knowledge and data systems into a single, AI-driven platform, reducing manual effort, improving data accuracy, and enhancing transparency for stakeholders.
- Find and prioritize what matters. Run vulnerability and security scans, then build a clear, prioritized list of weaknesses based on severity, known exploitation, and exploitation probability using intelligence sources like the CISA KEV catalog and EPSS.
- Automate security into the pipeline. Embed security tooling such as Snyk, Trufflehog/GitLeaks, Tenable, and AWS Inspector into CI/CD so vulnerabilities are caught and reported before they ship.
- Modernize compliance, hands-on. Help drive the move toward Continuous ATO (cATO) and near-real-time compliance monitoring using AWS Security Hub, Config, and Audit Manager, plus the CMS GRC system of record (CFACTS).
- Build and feed continuous monitoring. Implement monitoring of production runtime environments for vulnerabilities and compliance drift, and make security and compliance reporting available on demand.
- Track and close the gaps. Document vulnerabilities, misconfigurations, and compliance deviations, and support POA&M creation and remediation tracking to keep system ATOs healthy.
- Keep us aligned to the standards. Support compliance with CMS and federal requirements such as NIST RMF, ARS, and IS2P2 within a FISMA Moderate boundary.
- Harden access. Help implement least-privilege, role-based access controls aligned to Zero Trust objectives and support regular access reviews and audits.
- Raise the flag early. Identify, document, and communicate security risks tied to modernization efforts so they get to the right stakeholders before they become problems.
What we'd like you to have:- A bachelor's degree in computer science, information systems, cybersecurity, or a related field.
- 3-5 years of experience in security engineering, cybersecurity, or a related role.
- Hands-on experience with vulnerability scanning and management tools (e.g., Tenable, AWS Inspector, Snyk, Trufflehog, or GitLeaks).
- Working knowledge of AWS security and compliance services (Security Hub, Config, Audit Manager) or comparable cloud-native tooling.
- Familiarity with security compliance and the Authority to Operate (ATO) process, including POA&Ms and continuous monitoring.
- Understanding of federal security frameworks such as NIST RMF, ARS, or IS2P2 (or a strong willingness to learn them quickly).
- Comfort scripting and automating in Python or Bash and integrating tooling into CI/CD pipelines.
- Solid problem-solving skills and the ability to collaborate across multiple stakeholders.
What would blow us away:- Previous experience supporting CMS.
- Experience securing AI, NLP, or LLM-driven systems and the data behind them.
Even if you don't meet 100% of the qualifications, we encourage you to apply. At Skyward, we're focused on hiring individuals with the right skills and passion to grow, not just checking off every box.
And now the important part. What we offer you:- Medical, dental, vision insurance (fully paid for employees)
- 15 days of paid leave
- 7 days of sick leave
- 2 days bereavement leave
- 11 paid Federal holidays
- Up to 40 hours for jury duty
- 401K with 4% employer contribution (and no vesting period)
- Up to 4 weeks of paid paternity and maternity leave
- Company provided laptop
- $5,000 per year for professional development
- $600 per year for technical supplies and equipment
- $2,000 referral bonus
- Life and disability insurance
- HSA and FSA
- Legal Shield and ID Shield Voluntary Benefits
- Opportunity to work in a collaborative, motivated team focused on modernizing government services with cutting-edge technology and innovative solutions. Who says government work can't be exciting!
$120,000 - $160,000 a year
We believe great work deserves great pay. That's why we ensure our compensation is not only competitive but also fair and transparent, as required by Maryland law. Expect a salary that matches your skills, experience, and the value you bring to the table - because you're worth it!
At Skyward, we support flexible working hours and remote opportunities to help maintain a healthy work-life balance for all employees.
