Saviynt

Senior /Principal Federal Security Engineer

Saviynt$100K — $160K *
US-AnywhereRemote in United States
Technical Services
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • U.S. Citizenship required for applicants.
  • Bachelor's degree or equivalent experience with a minimum of 10 years in relevant fields.
  • Familiarity with U.S. Federal Government security compliance and risk management.
  • Experience in vulnerability scanning and remediation.
  • Strong communication skills for facilitating discussions and project meetings.
  • Knowledge of security requirements such as HIPAA and GDPR is advantageous.

Responsibilities

  • Design and maintain detection rules in security platforms and cloud environments.
  • Run vulnerability scans and recommend risk mitigation measures.
  • Develop automated incident response playbooks.
  • Lead evaluation and integration of security technologies for FedRAMP compliance.
  • Build and maintain threat detection capabilities.
  • Respond to alerts and coordinate incident response efforts.
  • Design proactive threat hunting missions using advanced forensics.

Benefits

  • Competitive total rewards package with growth opportunities.
  • Participation in a discretionary bonus plan based on performance.
  • Comprehensive security and privacy training during onboarding and annually.
  • Exposure to a dynamic, high-growth company culture.
Full Job Description
The Senior/Principal Federal Security Engineer reports into Federal Information Security leadership, and will specialize in detection, response, and vulnerability triage. They will also serve as a high-level technical authority responsible for the end-to-end lifecycle of threat management. This hands-on engineering role will own the systems that identify and mitigate organizational risk as they relate primarily to the FedRAMP Program (FedRAMP Moderate and FedRAMP High).

The candidate should be familiar with policy and compliance requirements, including policy documentation and system requirements to successfully respond to potential audits as well as prior experience operating in Federally regulated environments.

CORE RESPONSIBILITIES

  • Design and maintain high-fidelity detection rules and analytics across the security stack (SIEM, EDR, CNAPP/CSPM) and cloud environments (AWS, GCP, Azure).
  • Ability to run vulnerability scans, triage results, establish exploitability of reported vulnerabilities, recommend risk mitigation controls, and deploy controls where needed
  • Develop and refine automated response playbooks for Incident Response (IR) and orchestration (SOAR).
  • Lead the evaluation and integration of security technologies, ensuring scalability, resilience, and compliance. as it pertains to FedRAMP environments


WHAT YOU WILL BE DOING

Lead the Detection Lifecycle: Build and maintain our threat detection capabilities, from researching emerging TTPs to writing custom detection logic in our SIEM and EDR platforms.

Incident Response: Respond to alerts and triage findings coordinating across engineering, security, and leadership teams.

Modernize Vulnerability Management: Architect and maintain automation to prioritize vulnerabilities (from Code, to Containers, to Cloud) based on risk and exploitability.Automation: Operationalize security tasks by building, developing, and optimizing SOAR playbooks to automate containment and remediation.

Execute Proactive Threat Hunting: Design and lead hunt missions to identify threats that bypass traditional security controls, utilizing advanced forensics and log correlation techniques.

Industry Awareness: Incorporate industry news, events, IOCs, and other intelligence into our Detection and Response capabilities.

WHAT YOU BRING

  • U.S. Citizenship: Applicants must be United States citizens.
  • Bachelor's degree or equivalent experience with a minimum of 10 years of experience in Security Engineering, Security Architecture, Federal Security or similar
  • Knowledge of U.S. Federal Government security compliance, risk management processes and requirements, including NIST RMF and NIST SP 800-53 Rev 5 controls
  • Experience with vulnerability scanning, remediation, and continuous monitoring (ConMon)
  • Requires sufficient technical background to be able to interpret audit and compliance requirements, and be able to support basic evidence gathering needs in support of audits
  • Ability to provide excellent written and oral communications by email, presentations, and mobile communication platforms (including: experience facilitating discussions, briefing senior managers, and conducting project meetings).
  • Experience with continuous monitoring and Plans of Actions and Milestones (POA&Ms) is a plus
  • Knowledge of local legal and regulatory security requirements including HIPAA, FedRAMP, and GDPR/privacy
  • Flexible and collaborative approach to enabling and supporting the business

The Selected candidate must:

  • Meet US persons on US soil requirements
  • Undergo full background investigation/screening
  • Undergo IAL3 requirements (Identity proofing to include I-9 document verification, biometric collection, and mailing address confirmation)


$100,000 - $160,000 a year

We offer you a competitive total rewards package, learning and tremendous opportunities to grow and advance in your career. At Saviynt, it is not typical for an individual to be hired at or near the top of the range for their role and final compensation decisions are dependent on many factors including, but are not limited to location; skill sets; experience and training; licensure and certifications; and other relevant business and organizational needs. A reasonable estimate of the current range is $100,000 - $160,000 annually. You may also be eligible to participate in a Saviynt discretionary bonus plan, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

If required for this role, you will:

- Complete security & privacy literacy and awareness training during onboarding and annually thereafter

- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):

> Data Classification, Retention & Handling Policy

> Incident Response Policy/Procedures

> Business Continuity/Disaster Recovery Policy/Procedures

> Mobile Device Policy

> Account Management Policy

> Access Control Policy

> Personnel Security Policy

> Privacy Policy

About Saviynt

Saviynt is a leading provider of cloud identity and access governance solutions. Saviynt enables enterprises to secure applications, data, and infrastructure in a single platform for Cloud (Office 365, AWS, Azure, Salesforce, Workday) and Enterprise (SAP, Oracle EBS). Saviynt is pioneering Identity 3.0 by integrating advanced risk analytics and intelligence with fine-grained privilege management. Top global brands leverage Saviynt technology. Saviynt is headquartered in Irvine, California with offices in Chicago, New York, Toronto, London, and Hyderabad, India.
Learn more about Saviynt
Size
500 employees
Industry
Founded
2010

Similar Jobs

More Jobs at Saviynt

More Technical Services Jobs

Find similar Senior /Principal Federal Security Engineer jobs: