Senior GRC Engineer

🕒 February 4

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

DataLock Consulting Group

WebsiteLinkedInAll Job Openings

11 - 50 employees

Founded 2013

🔒 Cybersecurity

📋 Compliance

Cybersecurity • Compliance • Healthcare

DataLock Consulting Group is a cybersecurity consulting firm that specializes in security program development, compliance, and security architecture and engineering. They believe in integrating cybersecurity into the foundation of networks and systems rather than treating it as an afterthought. They serve various industries, including government, financial, aerospace, and healthcare, offering services such as risk management, security assessments, and cloud security.

📋 Description

• Maintain and strengthen the cybersecurity posture of assigned federal programs, systems, or enclaves. • Guide system owners, ISSOs, and engineering teams in applying GRC engineering principles throughout the system lifecycle. • Lead and support Risk Management Framework activities, including system categorization, control selection, implementation, assessment, authorization, and continuous monitoring. • Produce high-quality security and privacy artifacts that are technically sound, actionable, and aligned with engineering realities. • Support achievement and maintenance of Authorities to Operate (ATOs) and manage associated Plans of Action and Milestones (POA&Ms). • Brief senior leadership on risk posture, authorization status, and remediation strategies. • Apply DevSecOps principles to integrate security into CI/CD pipelines and modern development workflows. • Support Zero Trust architecture implementation, supply chain risk management, and modernization initiatives. • Apply continuous integration, continuous delivery, and continuous security principles across environments. • Support implementation and analysis of SAST, DAST, Software Composition Analysis, secrets management, and GitHub-based workflows. • Apply Infrastructure as Code, virtualization, and containerization concepts to security engineering and assessment activities. • Utilize endpoint protection, integrity monitoring, and SIEM tooling to support security operations and monitoring. • Implement and assess authentication, authorization, and identity federation mechanisms including SAML, OAuth, and OIDC. • Apply PKI, encryption technologies, and FIPS implementation requirements. • Analyze network architectures, topologies, and protection mechanisms to assess confidentiality, integrity, and availability risks. • Leverage OSCAL for machine-readable control catalogs, baselines, System Security Plans, and assessment documentation. • Analyze and interpret software vulnerabilities using CVE, CWE, and CVSS scoring methodologies. • Evaluate supplier and product trustworthiness as part of supply chain risk management efforts. • Develop and maintain cybersecurity and privacy policies aligned with organizational objectives. • Apply cybersecurity and privacy principles related to confidentiality, integrity, availability, authentication, and non-repudiation. • Assess security and privacy controls using frameworks such as NIST SP 800-53, the NIST Cybersecurity Framework, and CIS Critical Security Controls. • Determine how security systems should function, including resilience and dependability, and assess how environmental or operational changes affect system risk. • Communicate technical findings clearly and effectively through written documentation and stakeholder engagement. • Introduce automation, engineering practices, and innovation into GRC programs to improve efficiency and continuous monitoring maturity.

🎯 Requirements

• Bachelor’s degree in Computer Science, Information Systems, or a related field, or an additional three years of relevant experience. • Seven or more years of relevant cybersecurity experience. • Three or more years of experience serving as an ISSO for a Federal agency. • Prior experience serving as an ISSO for a portfolio of Federal systems. • Experience achieving ATOs, managing POA&Ms, and briefing senior leadership. • Deep functional and technical knowledge of NIST RMF and NIST CSF processes and documentation. • Expertise in FedRAMP standards and processes. • Strong understanding of IaaS, PaaS, and SaaS cloud service models, including Azure, Microsoft 365, Salesforce, ServiceNow, Appian, and MuleSoft. • Strong foundational and operational knowledge of DevSecOps, CI/CD pipelines, Zero Trust, supply chain risk management, artificial intelligence, and operational technology. • Familiarity with SAST, DAST, Software Composition Analysis, secrets management, and GitHub. • Operational knowledge of Infrastructure as Code, virtualization, and containerization. • Proficiency with endpoint protection, integrity monitoring, and SIEM tools. • Expertise in authentication, authorization, and identity federation technologies. • Familiarity with PKI, encryption technologies, and FIPS requirements. • Foundational understanding of network architectures and security mechanisms. • Familiarity with OSCAL and machine-readable security documentation. • Ability to analyze software vulnerabilities using CVE, CWE, and CVSS. • Experience in technical writing and producing clear, well-organized security documentation. • Experience evaluating supplier and product trustworthiness.

🏖️ Benefits

• Competitive compensation • Comprehensive benefits package • Strong commitment to work-life balance • Collaborative, remote-first environment • Professional growth opportunities