This job was posted more than 40 days ago and might be expired.

Senior /Principal Federal Security Engineer

Posted 3 months ago

RemoteRemote US100k - 160k USD

Saviynt's AI-powered identity platform manages and governs human and non-human access to all of an organization's applications, data, and business processes. Customers trust Saviynt to safeguard their digital assets, drive operational efficiency, and reduce compliance costs. Built for the AI age, Saviynt is today helping organizations safely accelerate their deployment and usage of AI. Saviynt is recognized as the leader in identity security, with solutions that protect and empower the world’s leading brands, Fortune 500 companies and government institutions. For more information, please visit www.saviynt.com.

The Senior/Principal Federal Security Engineer reports into Federal Information Security leadership, and will specialize in detection, response, and vulnerability triage. They will also serve as a high-level technical authority responsible for the end-to-end lifecycle of threat management. This hands-on engineering role will own the systems that identify and mitigate organizational risk as they relate primarily to the FedRAMP Program (FedRAMP Moderate and FedRAMP High).

The candidate should be familiar with policy and compliance requirements, including policy documentation and system requirements to successfully respond to potential audits as well as prior experience operating in Federally regulated environments.

### CORE RESPONSIBILITIES

Design and maintain high-fidelity detection rules and analytics across the security stack (SIEM, EDR, CNAPP/CSPM) and cloud environments (AWS, GCP, Azure).

Ability to run vulnerability scans, triage results, establish exploitability of reported vulnerabilities, recommend risk mitigation controls, and deploy controls where needed

Develop and refine automated response playbooks for Incident Response (IR) and orchestration (SOAR).

Lead the evaluation and integration of security technologies, ensuring scalability, resilience, and compliance. as it pertains to FedRAMP environments

### WHAT YOU WILL BE DOING

Lead the Detection Lifecycle: Build and maintain our threat detection capabilities, from researching emerging TTPs to writing custom detection logic in our SIEM and EDR platforms.

Incident Response: Respond to alerts and triage findings coordinating across engineering, security, and leadership teams.

Modernize Vulnerability Management: Architect and maintain automation to prioritize vulnerabilities (from Code, to Containers, to Cloud) based on risk and exploitability.Automation: Operationalize security tasks by building, developing, and optimizing SOAR playbooks to automate containment and remediation.

Execute Proactive Threat Hunting: Design and lead hunt missions to identify threats that bypass traditional security controls, utilizing advanced forensics and log correlation techniques.

Industry Awareness: Incorporate industry news, events, IOCs, and other intelligence into our Detection and Response capabilities.

### WHAT YOU BRING

U.S. Citizenship: Applicants must be United States citizens.

Bachelor's degree or equivalent experience with a minimum of 10 years of experience in Security Engineering, Security Architecture, Federal Security or similar

Knowledge of U.S. Federal Government security compliance, risk management processes and requirements, including NIST RMF and NIST SP 800-53 Rev 5 controls

Experience with vulnerability scanning, remediation, and continuous monitoring (ConMon)

Requires sufficient technical background to be able to interpret audit and compliance requirements, and be able to support basic evidence gathering needs in support of audits

Ability to provide excellent written and oral communications by email, presentations, and mobile communication platforms (including: experience facilitating discussions, briefing senior managers, and conducting project meetings).

Experience with continuous monitoring and Plans of Actions and Milestones (POA&Ms) is a plus

Knowledge of local legal and regulatory security requirements including HIPAA, FedRAMP, and GDPR/privacy

Flexible and collaborative approach to enabling and supporting the business

The Selected candidate must:

Meet US persons on US soil requirements

Undergo full background investigation/screening

Undergo IAL3 requirements (Identity proofing to include I-9 document verification, biometric collection, and mailing address confirmation)

If required for this role, you will:

- Complete security & privacy literacy and awareness training during onboarding and annually thereafter

- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):

> Data Classification, Retention & Handling Policy

> Incident Response Policy/Procedures

> Business Continuity/Disaster Recovery Policy/Procedures

> Mobile Device Policy

> Account Management Policy

> Access Control Policy

> Personnel Security Policy

> Privacy Policy

Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!

Saviynt is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Other open roles at Saviynt(6)

Associate Principal Engineer

Bengaluru

On-site

Staff platform Support Engineer

Staff Partner Solutions Engineer

Bengaluru

On-site

Strategic Account Executive - Chicago

Chicago

🏡 Remote

See all Saviynt jobs on Jobr

Job details

Workplace

Remote

Location

Remote US

Salary

100k - 160k USD

per year

Saviynt

View company page

Saviynt delivers enterprise control over AI, securing every identity across the organization, including human, non-human, and AI, so businesses can build and deploy AI innovation with complete confidence.

Website LinkedIn +2

Industry

Software Development

Headquarters

El Segundo, California

Founded

2010

Company location

El Segundo, California

Specialties

Continuous Controls Monitoring, RBAC / ABAC Policy Management, Infrastructure Access Security, Identity Analytics & Intelligence, Risk Analytics, Privilege Access Governance, Application GRC, Cloud Security, The Identity Cloud, Identity Governance & Administration, External Identity & Risk Management, Privileged Access Management, Application Access Governance, PAM, IAM, External Identity & Risk Management, IGA, Zero Trust, CPAM, and Cloud PAM

Key team members

Kevin Spurway

Fredrik Hörnell

Hemendra Rana

Evelyn Acosta Behrendt

Apply smarter with Jobr

Jobr aggregates jobs directly from company career portals — no middlemen. Our team applies on your behalf with AI-tailored resumes, reviewed by a human before submission.

Direct from company career pages

AI-personalised cover letters

Human review before every submit

Application tracking & follow-ups