Job description

Note: The job is a remote job and is open to candidates in USA. Saviynt is a high-growth Platform as a Service company focused on Identity Authority. The Distinguished Security Engineer will lead the FedRAMP security mission, overseeing technical and GRC execution to ensure compliance and security across the platform. Responsibilities • Drive Certification and Trust • Lead Saviynt's entire FedRAMP program through certification, re-certification, and continuous monitoring cycles • Create and sustain the System Security Plan (SSP) and all FedRAMP-required documentation • Lead monthly Continuous Monitoring (ConMon) meetings, ensuring technical issues are surfaced, resolved, and documented immediately • Personally review and validate all FedRAMP artifacts—audit reports, gap analysis, POA&Ms, and compliance forms • Be the primary Governance POC for internal teams, customers, and Federal auditors • Execute technical security controls within our mission-critical Federal environments • Design and integrate secure solutions for AWS, Azure, containers, Kubernetes, and modern applications relevant to the FedRAMP platform • Independently run vulnerability scans, analyze results, determine exploitability, and rapidly deploy mitigations across the environment • Recommend and implement monitoring enhancements; actively analyze detection alerts to identify and respond to threats • Automate GRC workflows to drastically improve the speed, accuracy, and scalability of compliance processes • Partner with core business and technology teams to embed security and compliance from inception to deployment • Proactively partner with product, engineering, and operations to embed security and compliance requirements early in the development lifecycle • Convert complex technical audit requirements into clear, actionable engineering deliverables • Support sales and customer success by addressing client compliance and security queries, acting as a trusted security expert • Conduct risk assessments, track remediation efforts, and maintain a comprehensive risk register • Review vendor and customer contracts for security clauses, driving favorable compliance outcomes • Grow and formalize our overarching compliance framework • Contribute to and execute on other compliance programs including ISO 27001, PCI-DSS, SOC 1, and SOC 2 • Develop and update core security documentation: policies, standards, incident response plans, and contingency plans • Establish and maintain metrics that clearly measure the GRC posture and inform leadership decisions • Drive security awareness and training initiatives across the organization Skills • U.S. Citizenship is required. • 15+ years of hands-on security architecture/engineering experience with cloud, containers, and modern app environments • FedRAMP Authority: Proven leadership in FedRAMP environments with absolute mastery of NIST RMF and SP 800-53 Rev 5 controls • Technical Expertise: Strong technical knowledge of secure solutions for AWS, Azure, Kubernetes, and modern application security practices • Dual Leadership: Demonstrated ability to both lead compliance strategy (policy, documentation, risk) and execute technical controls directly (scanning, mitigation, architecture) • Agile & Executive Ready: Experience managing Agile projects and delivering polished, effective technical governance updates to executive audiences • Vulnerability Expertise: Deep experience with vulnerability management, continuous monitoring, and the POA&M processes. • Influence: Strong stakeholder influence and cross-team collaboration skills essential for driving organizational change • Meet US persons on US soil requirements • Undergo full background investigation/screening • Undergo IAL3 requirements (Identity proofing to include I-9 document verification, biometric collection, and mailing address confirmation) • Complete security & privacy literacy and awareness training during onboarding and annually thereafter • Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to): Data Classification, Retention & Handling Policy, Incident Response Policy/Procedures, Business Continuity/Disaster Recovery Policy/Procedures, Mobile Device Policy, Account Management Policy, Access Control Policy, Personnel Security Policy, Privacy Policy Company Overview • Saviynt is an identity management company that provides cloud-first identity governance and access management solutions for businesses. It was founded in 2010, and is headquartered in El Segundo, California, USA, with a workforce of 1001-5000 employees. Its website is http://saviynt.com/.

Requirements