Washington, United States1 weeks agoUntil 9/7/2026
Full timeOn-site
Job description
Requirements
Must have:
- We need a bachelors degree in Computer Science, Cybersecurity, or a closely related discipline, or equivalent hands-on experience.
We require at least 5 years of Python development experience in enterprise settings.
We need deep familiarity with NIST SP 800-53 Rev. 5 and 5A, along with security control assessment methods.
We require experience integrating APIs and data sources across security tooling.
We need exposure to SIEM platforms such as Microsoft Sentinel or Splunk.
We require experience with cloud environments such as Azure, AWS, or GCP.
We need familiarity with identity and access management systems.
We require a background in writing scripts for automation, data gathering, and analysis.
We need understanding of DevSecOps practices and CI/CD pipelines.
We require strong problem-solving ability and comfort working directly with non-developer stakeholders, including ISSOs.
We prefer experience with continuous monitoring or continuous ATO (cATO).
We prefer familiarity with FedRAMP, FISMA, or CMMC frameworks.
We prefer experience integrating Azure OpenAI or other AI/ML capabilities into security workflows.
We prefer knowledge of KQL, REST APIs, and microservices architecture.
We prefer experience in federal or other regulated environments.
We prefer security certifications such as Security+, CISSP, or CEH.
Responsibilities:
- We design, build, and maintain Python automation scripts to test and validate cybersecurity controls aligned to NIST 800-53 Rev. 5 and 5A.
We integrate with enterprise platforms, including cloud services, SIEMs, endpoint tools, and identity systems, to gather evidence for control validation.
We partner with ISSOs, security engineers, and compliance teams to interpret control requirements, define test criteria, and evaluate control effectiveness.
We implement scheduled automated testing using orchestration tools such as cron, Airflow, or Azure Automation.
We develop reusable frameworks for continuous control monitoring.
We apply AI/ML techniques, including Azure OpenAI, anomaly detection, and natural language processing, to support control analysis and evidence review.
We create dashboards and reports that communicate compliance status and risk posture clearly.
We ensure our scripts are secure, well documented, and aligned with DevSecOps best practices.
We support integration into CI/CD pipelines for security validation.
We maintain traceability between controls, test procedures, and system evidence.
Company:
We are building automated cybersecurity control testing capabilities for an enterprise environment, focused on improving consistency, reducing manual effort, and enabling continuous monitoring through scalable, AI-assisted automation. This is a hybrid or remote role, with preference for candidates in the Washington, DC metro area, and the work location is in the Washington, DC 20426 area. The position offers a salary range of $125,000 to $143,000 per year, along with benefits including a 401(k), health insurance, and paid time off. The role also requires the ability to obtain and maintain a U.S. Government clearance at the Public Trust level or higher.