Continuous Monitoring Engineer

• Manage the full POA&M lifecycle, including risk justifications and deviation requests
• Collect and maintain security evidence for monthly continuous monitoring (FedRAMP, HITRUST, PCI)
• Run and analyze vulnerability scans across OS, databases, web apps, and containers
• Identify false positives and prepare risk assessments for federal stakeholders
• Maintain system inventories and boundary documentation
• Support vulnerability tools (Tenable, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender)
• Collaborate with engineering and SRE teams to integrate scanning into CI/CD pipelines
• Track remediation activities and coordinate timelines with technical teams
• Produce monthly compliance deliverables and vulnerability summaries

• 3–5 years of experience in vulnerability management, continuous monitoring, or security operations
• Hands-on experience scanning OS, networks, databases, containers, and web apps
• Experience with at least two cloud platforms (AWS, Azure, GCP)
• Familiarity with FedRAMP, HITRUST, or PCI frameworks
• Administrator-level cloud certification (AWS/Azure/GCP)
• Strong understanding of CVSS/CMSS scoring and NIST 800‑53 (RA‑5, SI‑2, CM‑6)
• Experience with STIGs, SCAP/SCC, and CIS Benchmarks
• Scripting skills (Python, PowerShell, Bash)
• Strong communication and documentation skills

• Cloud security certifications (AWS/Azure/GCP)
• Security+ or CISSP
• Experience with container security tools (Trivy, Anchore, Snyk) and Kubernetes
• Familiarity with SCA and SAST/DAST tools
• Experience integrating security controls into CI/CD workflows

Medical, Dental, Vision, 401K, PTO, Sick Leave (as required), Holidays