Senior Full-Stack Security/GRC Platform Engineer

🕒 Yesterday

🇺🇸 United States – Remote

💵 $86.5k - $129.9k / year

⏰ Full Time

🟠 Senior

🏗️ Platform Engineer

🦅 H1B Visa Sponsor

This company has sponsored H1B visas in the past.

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Guidehouse

WebsiteLinkedInAll Job Openings

10,000+ employees

Founded 2018

💰 Grant on 2023-02

Consulting • Digital Services • Public Sector

Guidehouse is a global consultancy offering advisory, digital, and managed services across commercial and public sectors. It is purpose-built to support industries such as national security, financial services, healthcare, energy, and infrastructure. Guidehouse collaborates with leaders to navigate complexity and drives transformational changes that impact the future. Their expertise spans data analytics, digital technologies, risk management, and more, with a strong emphasis on sustainability and innovation.

📋 Description

• Maintain and extend a FastAPI backend with hundreds of registered API routes. • Build and refine React/TypeScript product workflows across a large frontend surface. • Design and maintain SQLAlchemy models, Alembic migrations, PostgreSQL queries, and data integrity rules. • Support scanner integrations, finding normalization, deduplication, evidence workflows, and compliance mapping. • Maintain AI-assisted features through a centralized provider abstraction rather than direct calls to providers. • Work across GRC workflows including findings, evidence, SSPs, POA&Ms, RMF, FedRAMP/FISMA, SCRM, ZTA, ISCM, risk acceptance, and reporting. • Keep local development and test environments healthy using Docker Compose, Redis, PostgreSQL, worker queues, Ollama, observability services, and frontend tooling. • Maintain quality gates including linting, type checking, OpenAPI drift checks, migration safety, SDK drift, architecture boundaries, and test suites. • Debug issues across frontend state, API contracts, database state, workers, scanner output, generated SDKs, and deployment configuration. • Treat documentation as helpful but secondary to the codebase; validate assumptions against source, tests, migrations, and running behavior.

🎯 Requirements

• Minimum of SIX (6) years’ experience with Python backend development. • Strong FastAPI, Pydantic, SQLAlchemy, Alembic, async Python, and pytest experience. • Strong React, TypeScript, Vite, React Router, React Query, and component architecture experience. • PostgreSQL experience, including schema design, migrations, indexes, JSON/JSONB, and relational integrity. • Experience maintaining large API surfaces and generated frontend API clients. • Experience with background jobs or async workers using Redis-backed queues. • Strong security engineering fundamentals: authentication, authorization, RBAC, audit logs, secret handling, dependency risk, and input validation. • Ability to diagnose source-of-truth issues when documentation, generated code, database schema, and runtime behavior disagree. • Security/GRC Domain Skills To Include: Vulnerability findings and remediation workflows. • Evidence collection and evidence sufficiency. • SSPs, POA&Ms, control mappings, audit packages, and risk acceptance. • NIST 800-53, RMF, FedRAMP/FISMA, CMMC, SCRM, ZTA, ISCM, and related compliance concepts. • Scanner output from tools such as cloud security scanners, vulnerability scanners, SAST/IaC tools, secret scanners, identity/M365 scanners, and web security scanners. • Provenance, auditability, and defensibility requirements for regulated workflows. • AI/LLM Product Skills To Include: Experience building AI-assisted product features, preferably in security, compliance, document review, or workflow automation. • Understanding of RAG, embeddings, document extraction, prompt/context design, and evidence citation. • Ability to enforce scoped context, provenance, guardrails, and human-review boundaries. • Comfort maintaining provider abstractions across local and cloud AI providers. • Infrastructure And Operations Skills To Include: Docker Compose for local development. • AWS-style production operations: containers, managed databases, caches, object storage, CDN, IAM, logs, and deployment pipelines. • Terraform or similar infrastructure-as-code experience. • CI/CD debugging and release discipline. • Observability, logs, health checks, and operational runbooks.

🏖️ Benefits

• Medical, Rx, Dental & Vision Insurance • Personal and Family Sick Time & Company Paid Holidays • Parental Leave • 401(k) Retirement Plan • Group Term Life and Travel Assistance • Voluntary Life and AD&D Insurance • Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts • Transit and Parking Commuter Benefits • Short-Term & Long-Term Disability • Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities • Employee Referral Program • Corporate Sponsored Events & Community Outreach • Care.com annual membership • Employee Assistance Program • Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)