Saviynt
Distinguished Security Engineer - FedRAMP High - Director Level
Saviynt, Atlanta, Georgia, United States
Job Description
Job Description
This is not a passive oversight role—this is your chance to
take the helm of Saviynt's FedRAMP security mission and drive it from the front lines. As the
Distinguished Security Engineer (Director-Level Individual Contributor) , you will own the technical and GRC execution that keeps our platform trusted, compliant, and ahead of evolving federal requirements. You'll be both
strategist and engineer , blending hands-on security expertise with the leadership needed to guide our FedRAMP journey end-to-end. We need someone who thrives on
building, breaking, and improving —someone who can lead audits, run vulnerability scans, recommend and deploy controls, and directly shape our security architecture. This is your opportunity to immediately influence Saviynt’s security posture, partner with cross-functional teams, and make FedRAMP compliance a competitive advantage. If you’re ready to
own FedRAMP from the trenches to the boardroom —and make an immediate impact on the security backbone of one of the industry’s leading identity platforms—this is where you make it happen. Your Mission: What You’ll Own and Drive
1. FedRAMP Leadership & Governance: Drive Certification and Trust
Lead Saviynt's entire FedRAMP program
through certification, re-certification, and continuous monitoring cycles. Develop and Maintain:
Create and sustain the
System Security Plan (SSP)
and all FedRAMP-required documentation. Direct ConMon:
Lead monthly Continuous Monitoring (ConMon) meetings, ensuring technical issues are surfaced, resolved, and documented immediately. Validate Artifacts:
Personally review and validate all FedRAMP artifacts—audit reports, gap analysis, POA&Ms, and compliance forms. Serve as POC:
Be the primary
Governance POC
for internal teams, customers, and Federal auditors.
2. Hands-On Security Engineering: Build, Scan, and Secure
Execute technical security controls
within our mission-critical Federal environments. Architect and Integrate:
Design and integrate secure solutions for
AWS, Azure, containers, Kubernetes , and modern applications relevant to the FedRAMP platform. Hunt & Mitigate:
Independently
run vulnerability scans , analyze results, determine exploitability, and rapidly deploy mitigations across the environment. Enhance Detection:
Recommend and implement monitoring enhancements; actively analyze detection alerts to identify and respond to threats. Automate
Compliance:Automate
GRC workflows
to drastically improve the speed, accuracy, and scalability of compliance processes.
3. Cross-Functional Security Enablement: Embed Security Everywhere
Partner with core business and technology teams
to embed security and compliance from inception to deployment. Embed Early:
Proactively partner with product, engineering, and operations to
embed security and compliance requirements
early in the development lifecycle. Translate Requirements:
Convert complex technical audit requirements into clear, actionable engineering deliverables. Support Engagement:
Support sales and customer success by
addressing client compliance and security queries , acting as a trusted security expert. Manage Risk:
Conduct risk assessments,
track remediation efforts , and maintain a comprehensive risk register. Contract Review:
Review vendor and customer contracts for security clauses, driving favorable compliance outcomes.
4. Compliance Expansion: Scale the GRC Foundation
Grow and formalize our overarching compliance framework. Expand Reach:
Contribute to and execute on other compliance programs including
ISO 27001, PCI-DSS, SOC 1, and SOC 2. Document Strategy:
Develop and update core security documentation: policies, standards, incident response plans, and contingency plans. Measure Posture:Establish and maintain metrics
that clearly measure the GRC posture and inform leadership decisions. Lead Training:
Drive security awareness and training initiatives across the organization. What You Bring: Your Qualifications for Command
U.S. Citizenship is required. 15+ years
of hands-on security
architecture/engineering
experience with cloud, containers, and modern app environments. FedRAMP Authority:
Proven leadership in FedRAMP environments with absolute mastery of
NIST RMF and SP 800-53 Rev 5
controls. Technical Expertise:
Strong technical knowledge of secure solutions for
AWS, Azure, Kubernetes , and modern application security practices. Dual Leadership:
Demonstrated ability to both
lead compliance strategy
(policy, documentation, risk) and
execute technical controls directly
(scanning, mitigation, architecture). Agile & Executive Ready:
Experience managing
Agile projects
and delivering polished, effective technical governance updates to executive audiences. Vulnerability Expertise:
Deep experience with vulnerability management, continuous monitoring, and the
POA&M processes. Influence:
Strong stakeholder influence and cross-team collaboration skills essential for driving organizational change. The candidate must:
Meet US persons on US soil requirements. Undergo full background
investigation/screening. Undergo IAL3 requirements (Identity proofing to include I-9 document verification, biometric collection, and mailing address confirmation). If required for this role, you will:
- Complete security & privacy literacy and awareness training during onboarding and annually thereafter
- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to): > Data Classification, Retention & Handling Policy
> Incident Response Policy/Procedures
> Business
Continuity/Disaster
Recovery Policy/Procedures
> Mobile Device Policy
> Account Management Policy
> Access Control Policy
> Personnel Security Policy
> Privacy Policy Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us! Saviynt is an equal opportunity employer and we welcome everyone to our team.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Job Description
This is not a passive oversight role—this is your chance to
take the helm of Saviynt's FedRAMP security mission and drive it from the front lines. As the
Distinguished Security Engineer (Director-Level Individual Contributor) , you will own the technical and GRC execution that keeps our platform trusted, compliant, and ahead of evolving federal requirements. You'll be both
strategist and engineer , blending hands-on security expertise with the leadership needed to guide our FedRAMP journey end-to-end. We need someone who thrives on
building, breaking, and improving —someone who can lead audits, run vulnerability scans, recommend and deploy controls, and directly shape our security architecture. This is your opportunity to immediately influence Saviynt’s security posture, partner with cross-functional teams, and make FedRAMP compliance a competitive advantage. If you’re ready to
own FedRAMP from the trenches to the boardroom —and make an immediate impact on the security backbone of one of the industry’s leading identity platforms—this is where you make it happen. Your Mission: What You’ll Own and Drive
1. FedRAMP Leadership & Governance: Drive Certification and Trust
Lead Saviynt's entire FedRAMP program
through certification, re-certification, and continuous monitoring cycles. Develop and Maintain:
Create and sustain the
System Security Plan (SSP)
and all FedRAMP-required documentation. Direct ConMon:
Lead monthly Continuous Monitoring (ConMon) meetings, ensuring technical issues are surfaced, resolved, and documented immediately. Validate Artifacts:
Personally review and validate all FedRAMP artifacts—audit reports, gap analysis, POA&Ms, and compliance forms. Serve as POC:
Be the primary
Governance POC
for internal teams, customers, and Federal auditors.
2. Hands-On Security Engineering: Build, Scan, and Secure
Execute technical security controls
within our mission-critical Federal environments. Architect and Integrate:
Design and integrate secure solutions for
AWS, Azure, containers, Kubernetes , and modern applications relevant to the FedRAMP platform. Hunt & Mitigate:
Independently
run vulnerability scans , analyze results, determine exploitability, and rapidly deploy mitigations across the environment. Enhance Detection:
Recommend and implement monitoring enhancements; actively analyze detection alerts to identify and respond to threats. Automate
Compliance:Automate
GRC workflows
to drastically improve the speed, accuracy, and scalability of compliance processes.
3. Cross-Functional Security Enablement: Embed Security Everywhere
Partner with core business and technology teams
to embed security and compliance from inception to deployment. Embed Early:
Proactively partner with product, engineering, and operations to
embed security and compliance requirements
early in the development lifecycle. Translate Requirements:
Convert complex technical audit requirements into clear, actionable engineering deliverables. Support Engagement:
Support sales and customer success by
addressing client compliance and security queries , acting as a trusted security expert. Manage Risk:
Conduct risk assessments,
track remediation efforts , and maintain a comprehensive risk register. Contract Review:
Review vendor and customer contracts for security clauses, driving favorable compliance outcomes.
4. Compliance Expansion: Scale the GRC Foundation
Grow and formalize our overarching compliance framework. Expand Reach:
Contribute to and execute on other compliance programs including
ISO 27001, PCI-DSS, SOC 1, and SOC 2. Document Strategy:
Develop and update core security documentation: policies, standards, incident response plans, and contingency plans. Measure Posture:Establish and maintain metrics
that clearly measure the GRC posture and inform leadership decisions. Lead Training:
Drive security awareness and training initiatives across the organization. What You Bring: Your Qualifications for Command
U.S. Citizenship is required. 15+ years
of hands-on security
architecture/engineering
experience with cloud, containers, and modern app environments. FedRAMP Authority:
Proven leadership in FedRAMP environments with absolute mastery of
NIST RMF and SP 800-53 Rev 5
controls. Technical Expertise:
Strong technical knowledge of secure solutions for
AWS, Azure, Kubernetes , and modern application security practices. Dual Leadership:
Demonstrated ability to both
lead compliance strategy
(policy, documentation, risk) and
execute technical controls directly
(scanning, mitigation, architecture). Agile & Executive Ready:
Experience managing
Agile projects
and delivering polished, effective technical governance updates to executive audiences. Vulnerability Expertise:
Deep experience with vulnerability management, continuous monitoring, and the
POA&M processes. Influence:
Strong stakeholder influence and cross-team collaboration skills essential for driving organizational change. The candidate must:
Meet US persons on US soil requirements. Undergo full background
investigation/screening. Undergo IAL3 requirements (Identity proofing to include I-9 document verification, biometric collection, and mailing address confirmation). If required for this role, you will:
- Complete security & privacy literacy and awareness training during onboarding and annually thereafter
- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to): > Data Classification, Retention & Handling Policy
> Incident Response Policy/Procedures
> Business
Continuity/Disaster
Recovery Policy/Procedures
> Mobile Device Policy
> Account Management Policy
> Access Control Policy
> Personnel Security Policy
> Privacy Policy Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us! Saviynt is an equal opportunity employer and we welcome everyone to our team.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.