Jobs · Information Technology · Maryland

Security Engineer

Skyward · Rockville, MD · 3 wk ago
Information TechnologyFull-time

About the role

Join the team supporting the Centers for Medicare & Medicaid Services (CMS) as it merges and modernizes its enterprise knowledge and data systems into a single, AI-driven platform, reducing manual effort, improving data accuracy, and enhancing transparency for stakeholders.

Responsibilities

  • Find and prioritize what matters. Run vulnerability and security scans, then build a clear, prioritized list of weaknesses based on severity, known exploitation, and exploitation probability using intelligence sources like the CISA KEV catalog and EPSS.
  • Automate security into the pipeline. Embed security tooling such as Snyk, Trufflehog/GitLeaks, Tenable, and AWS Inspector into CI/CD so vulnerabilities are caught and reported before they ship.
  • Modernize compliance, hands-on. Help drive the move toward Continuous ATO (cATO) and near-real-time compliance monitoring using AWS Security Hub, Config, and Audit Manager, plus the CMS GRC system of record (CFACTS).
  • Build and feed continuous monitoring. Implement monitoring of production runtime environments for vulnerabilities and compliance drift, and make security and compliance reporting available on demand.
  • Track and close the gaps. Document vulnerabilities, misconfigurations, and compliance deviations, and support POA&M creation and remediation tracking to keep system ATOs healthy.
  • Keep us aligned to the standards. Support compliance with CMS and federal requirements such as NIST RMF, ARS, and IS2P2 within a FISMA Moderate boundary.
  • Harden access. Help implement least-privilege, role-based access controls aligned to Zero Trust objectives and support regular access reviews and audits.
  • Raise the flag early. Identify, document, and communicate security risks tied to modernization efforts so they get to the right stakeholders before they become problems.

Requirements

  • A bachelor’s degree in computer science, information systems, cybersecurity, or a related field.
  • 3–5 years of experience in security engineering, cybersecurity, or a related role.
  • Hands-on experience with vulnerability scanning and management tools (e.g., Tenable, AWS Inspector, Snyk, Trufflehog, or GitLeaks).
  • Working knowledge of AWS security and compliance services (Security Hub, Config, Audit Manager) or comparable cloud-native tooling.
  • Familiarity with security compliance and the Authority to Operate (ATO) process, including POA&Ms and continuous monitoring.
  • Understanding of federal security frameworks such as NIST RMF, ARS, or IS2P2 (or a strong willingness to learn them quickly).
  • Comfort scripting and automating in Python or Bash and integrating tooling into CI/CD pipelines.
  • Solid problem-solving skills and the ability to collaborate across multiple stakeholders.
  • Previous experience supporting CMS.
  • Experience securing AI, NLP, or LLM-driven systems and the data behind them.

Qualifications

Even if you don’t meet 100% of the qualifications, we encourage you to apply. At Skyward, we’re focused on hiring individuals with the right skills and passion to grow, not just checking off every box.

Skills

  • Knowledge of AWS security and compliance services (Security Hub, Config, Audit Manager) or comparable cloud-native tooling.
  • Experience with security compliance and the Authority to Operate (ATO) process, including POA&Ms and continuous monitoring.
  • Understanding of federal security frameworks such as NIST RMF, ARS, or IS2P2 (or a strong willingness to learn them quickly).
  • Comfort scripting and automating in Python or Bash and integrating tooling into CI/CD pipelines.
  • Experience securing AI, NLP, or LLM-driven systems and the data behind them.

Benefits

  • Medical, dental, vision insurance (fully paid for employees)
  • 15 days of paid leave
  • 7 days of sick leave
  • 2 days bereavement leave
  • 11 paid Federal holidays
  • Up to 40 hours for jury duty
  • 401K with 4% employer contribution (and no vesting period)
  • Up to 4 weeks of paid paternity and maternity leave
  • Company provided laptop
  • $5,000 per year for professional development
  • $600 per year for technical supplies and equipment
  • $2,000 referral bonus
  • Life and disability insurance
  • HSA and FSA
  • Legal Shield and ID Shield Voluntary Benefits

Pay

We believe great work deserves great pay. That’s why we ensure our compensation is not only competitive but also fair and transparent, as required by Maryland law. Expect a salary that matches your skills, experience, and the value you bring to the table — because you’re worth it!

Schedule

Offers of employment with Skyward are contingent upon acceptable results of a background investigation. Applicants must have the ability to obtain and maintain a Public Trust security clearance due to the nature of our work as a government contractor.

Similar jobs

Security Engineer

HaystackPhiladelphia, PA· 4 days ago
Information Technology$126k–$210k/yrapply on haystack.cv

Security Engineer

Objective PartnersNew York, NY· 1 wk ago
Information Technologyapply on objectivepartners.co

Security Engineer

Outmarket AIUnited States· 1 wk ago
RemoteInformation Technologyapply on jobs.ashbyhq.com

Security Engineer

Candid HealthSan Francisco, CA· 4 mo ago
Information Technologyapply on joincandidhealth.com

Security Engineer

RoboflowUnited States· 4 mo ago
RemoteInformation Technology$165k–$200k/yrapply on jobs.ashbyhq.com

Security Engineer

SecuriportReston, VA· 2 mo ago
Information Technologyapply on securiport1.bamboohr.com