SearchStax

Principal Security Engineer

full-time

Origin: 🇺🇸 United States

Salary

💰 $175,000 - $240,000 per year

Job Level

Lead

Tech Stack

AWS, Cloud, Open Source, Python, Terraform

About the role

  • Architect and implement FedRAMP-based security controls with automation at the core of compliance strategy
  • Drive audit readiness by building automated evidence collection, control validation, and remediation workflows
  • Own vulnerability scanning, triage, prioritization, and remediation workflows across infrastructure and product teams
  • Build and maintain scripts, APIs, and workflows (Python, JSON, databases, system-level coding) to automate compliance reporting and monitoring
  • Configure and optimize AWS security architecture using AWS Config, AWS SSM, IAM, CloudTrail, GuardDuty, Security Hub
  • Partner with external assessors, consultants, and vendors to meet compliance objectives and manage security reviews
  • Identify gaps and recommend improvements to evolve security posture in line with FedRAMP requirements and industry best practices
  • Maintain documentation of controls and processes; provide training to enable cross-team security awareness
  • Serve as both architect and hands-on builder to implement automation, controls, and systems for FedRAMP 20X → Moderate progression

Requirements

  • 8+ years in Security Engineering, Cloud Security, or Infrastructure Security
  • Hands-on experience architecting and implementing FedRAMP-based controls (ideally FedRAMP Moderate audit readiness)
  • Strong Python programming skills for system-level automation (APIs, JSON, databases)
  • Deep AWS security and compliance experience (AWS Config, AWS SSM, IAM, CloudTrail, GuardDuty, Security Hub)
  • Experience leading vulnerability management programs at scale (scanning, triage, remediation workflows)
  • Familiarity with Infrastructure as Code (Terraform, CloudFormation) and CI/CD pipelines with embedded security checks
  • Ability to drive cross-functional alignment, influence engineering practices, and serve as a trusted security advisor
  • Senior/staff-level operator mindset—both architect and hands-on executor with ownership over outcomes
  • Willingness/ability to work on FedRAMP 20X → Moderate automation and audit readiness efforts
  • Legal authorization to work in the United States (application asks about U.S. work authorization and E-Verify is used)