Saviynt
Distinguished Security Engineer – FedRAMP High - Director Level
Saviynt, Atlanta, Georgia, United States, 30383
Distinguished Security Engineer – FedRAMP High - Director Level
As the Distinguished Security Engineer (Director-Level Individual Contributor), you will own the technical and GRC execution that keeps our platform trusted, compliant, and ahead of evolving federal requirements. You\'ll be both strategist and engineer, blending hands-on security expertise with the leadership needed to guide our FedRAMP journey end-to-end. We need someone who thrives on building, breaking, and improving—someone who can lead audits, run vulnerability scans, recommend and deploy controls, and directly shape our security architecture. This is your opportunity to influence Saviynt’s security posture, partner with cross-functional teams, and make FedRAMP compliance a competitive advantage. If you\’re ready to own FedRAMP from the trenches to the boardroom—and make an immediate impact on the security backbone of one of the industry\’s leading identity platforms—this is where you make it happen. Your Mission: What You’ll Own and Drive
1. FedRAMP Leadership & Governance: Drive Certification and Trust
Lead Saviynt\'s entire FedRAMP program through certification, re-certification, and continuous monitoring cycles Develop and Maintain: Create and sustain the System Security Plan (SSP) and all FedRAMP-required documentation Direct ConMon: Lead monthly Continuous Monitoring (ConMon) meetings, ensuring technical issues are surfaced, resolved, and documented immediately Validate Artifacts: Personally review and validate all FedRAMP artifacts—audit reports, gap analysis, POA&Ms, and compliance forms Serve as POC: Be the primary Governance POC for internal teams, customers, and Federal auditors
2. Hands-On Security Engineering: Build, Scan, and Secure
Execute technical security controls within our mission-critical Federal environments Architect and Integrate: Design and integrate secure solutions for AWS, Azure, containers, Kubernetes, and modern applications relevant to the FedRAMP platform Hunt & Mitigate: Independently run vulnerability scans, analyze results, determine exploitability, and rapidly deploy mitigations across the environment Enhance Detection: Recommend and implement monitoring enhancements; actively analyze detection alerts to identify and respond to threats Automate Compliance: Automate GRC workflows to drastically improve the speed, accuracy, and scalability of compliance processes
3. Cross-Functional Security Enablement: Embed Security Everywhere
Partner with core business and technology teams to embed security and compliance from inception to deployment Embed Early: Proactively partner with product, engineering, and operations to embed security and compliance requirements early in the development lifecycle Translate Requirements: Convert complex technical audit requirements into clear, actionable engineering deliverables Support Engagement: Support sales and customer success by addressing client compliance and security queries, acting as a trusted security expert Manage Risk: Conduct risk assessments, track remediation efforts, and maintain a comprehensive risk register Contract Review: Review vendor and customer contracts for security clauses, driving favorable compliance outcomes
4. Compliance Expansion: Scale the GRC Foundation
Grow and formalize our overarching compliance framework Expand Reach: Contribute to and execute on other compliance programs including ISO 27001, PCI-DSS, SOC 1, and SOC 2 Document Strategy: Develop and update core security documentation: policies, standards, incident response plans, and contingency plans Measure Posture: Establish and maintain metrics that clearly measure the GRC posture and inform leadership decisions Lead Training: Drive security awareness and training initiatives across the organization
What You Bring: Your Qualifications for Command
U.S. Citizenship is required. 15+ years of hands-on security architecture/engineering experience with cloud, containers, and modern app environments FedRAMP Authority: Proven leadership in FedRAMP environments with mastery of NIST RMF and SP 800-53 Rev 5 controls Technical Expertise: Strong knowledge of secure solutions for AWS, Azure, Kubernetes, and modern application security practices Dual Leadership: Ability to both lead compliance strategy and execute technical controls directly (scanning, mitigation, architecture) Agile & Executive Ready: Experience managing Agile projects and delivering governance updates to executive audiences Vulnerability Expertise: Deep experience with vulnerability management, continuous monitoring, and the POA&M processes Influence: Strong stakeholder influence and cross-team collaboration skills The candidate must: Meet US persons on US soil requirements Undergo full background investigation/screening Undergo IAL3 requirements (Identity proofing to include I-9 document verification, biometric collection, and mailing address confirmation) If required for this role, you will: Complete security & privacy literacy and awareness training during onboarding and annually thereafter Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as: Data Classification, Retention & Handling Policy Incident Response Policy/Procedures Business Continuity/Disaster Recovery Policy/Procedures Mobile Device Policy Account Management Policy Access Control Policy Personnel Security Policy Privacy Policy Saviynt is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
#J-18808-Ljbffr
As the Distinguished Security Engineer (Director-Level Individual Contributor), you will own the technical and GRC execution that keeps our platform trusted, compliant, and ahead of evolving federal requirements. You\'ll be both strategist and engineer, blending hands-on security expertise with the leadership needed to guide our FedRAMP journey end-to-end. We need someone who thrives on building, breaking, and improving—someone who can lead audits, run vulnerability scans, recommend and deploy controls, and directly shape our security architecture. This is your opportunity to influence Saviynt’s security posture, partner with cross-functional teams, and make FedRAMP compliance a competitive advantage. If you\’re ready to own FedRAMP from the trenches to the boardroom—and make an immediate impact on the security backbone of one of the industry\’s leading identity platforms—this is where you make it happen. Your Mission: What You’ll Own and Drive
1. FedRAMP Leadership & Governance: Drive Certification and Trust
Lead Saviynt\'s entire FedRAMP program through certification, re-certification, and continuous monitoring cycles Develop and Maintain: Create and sustain the System Security Plan (SSP) and all FedRAMP-required documentation Direct ConMon: Lead monthly Continuous Monitoring (ConMon) meetings, ensuring technical issues are surfaced, resolved, and documented immediately Validate Artifacts: Personally review and validate all FedRAMP artifacts—audit reports, gap analysis, POA&Ms, and compliance forms Serve as POC: Be the primary Governance POC for internal teams, customers, and Federal auditors
2. Hands-On Security Engineering: Build, Scan, and Secure
Execute technical security controls within our mission-critical Federal environments Architect and Integrate: Design and integrate secure solutions for AWS, Azure, containers, Kubernetes, and modern applications relevant to the FedRAMP platform Hunt & Mitigate: Independently run vulnerability scans, analyze results, determine exploitability, and rapidly deploy mitigations across the environment Enhance Detection: Recommend and implement monitoring enhancements; actively analyze detection alerts to identify and respond to threats Automate Compliance: Automate GRC workflows to drastically improve the speed, accuracy, and scalability of compliance processes
3. Cross-Functional Security Enablement: Embed Security Everywhere
Partner with core business and technology teams to embed security and compliance from inception to deployment Embed Early: Proactively partner with product, engineering, and operations to embed security and compliance requirements early in the development lifecycle Translate Requirements: Convert complex technical audit requirements into clear, actionable engineering deliverables Support Engagement: Support sales and customer success by addressing client compliance and security queries, acting as a trusted security expert Manage Risk: Conduct risk assessments, track remediation efforts, and maintain a comprehensive risk register Contract Review: Review vendor and customer contracts for security clauses, driving favorable compliance outcomes
4. Compliance Expansion: Scale the GRC Foundation
Grow and formalize our overarching compliance framework Expand Reach: Contribute to and execute on other compliance programs including ISO 27001, PCI-DSS, SOC 1, and SOC 2 Document Strategy: Develop and update core security documentation: policies, standards, incident response plans, and contingency plans Measure Posture: Establish and maintain metrics that clearly measure the GRC posture and inform leadership decisions Lead Training: Drive security awareness and training initiatives across the organization
What You Bring: Your Qualifications for Command
U.S. Citizenship is required. 15+ years of hands-on security architecture/engineering experience with cloud, containers, and modern app environments FedRAMP Authority: Proven leadership in FedRAMP environments with mastery of NIST RMF and SP 800-53 Rev 5 controls Technical Expertise: Strong knowledge of secure solutions for AWS, Azure, Kubernetes, and modern application security practices Dual Leadership: Ability to both lead compliance strategy and execute technical controls directly (scanning, mitigation, architecture) Agile & Executive Ready: Experience managing Agile projects and delivering governance updates to executive audiences Vulnerability Expertise: Deep experience with vulnerability management, continuous monitoring, and the POA&M processes Influence: Strong stakeholder influence and cross-team collaboration skills The candidate must: Meet US persons on US soil requirements Undergo full background investigation/screening Undergo IAL3 requirements (Identity proofing to include I-9 document verification, biometric collection, and mailing address confirmation) If required for this role, you will: Complete security & privacy literacy and awareness training during onboarding and annually thereafter Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as: Data Classification, Retention & Handling Policy Incident Response Policy/Procedures Business Continuity/Disaster Recovery Policy/Procedures Mobile Device Policy Account Management Policy Access Control Policy Personnel Security Policy Privacy Policy Saviynt is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
#J-18808-Ljbffr