
Security Engineer (Cloud Security Engineer) — FedRAMP Control Implementation & Automation Support

Technology
C2 Labs, Inc.
Washington, United States
4 weeks ago
Until 5/26/2026
Fully remote

Job description

C2 Labs is hiring a Security Engineer (Cloud Security Engineer) to support FedRAMP authorization acceleration and ongoing ConMon for defense-focused startups and companies deploying production workloads on Azure Government. You’ll implement security controls, build repeatable evidence pipelines, and help make ConMon feel like an operational routine—not a monthly fire drill.

What you’ll do

  • Implement and tune cloud security controls (IAM, logging, vulnerability management, configuration baselines, incident readiness).
  • Configure security tooling and integrations to produce repeatable evidence for authorization and ConMon.
  • Support remediation and hardening workstreams, including vulnerability scan remediation support.
  • Help automate evidence exports / reporting inputs where feasible and keep operations sustainable post-authorization.

What we’re looking for

  • 5+ years of security engineering experience, including cloud security implementation and operations.
  • Hands-on experience with vulnerability management and secure configuration practices.
  • Working familiarity with cloud logging/monitoring, IAM guardrails, encryption/key management, and incident response readiness.
  • Comfort with scripting/automation (PowerShell, Python, bash) and working with APIs/integrations.
  • Ability to communicate technical findings clearly to non-engineers and support audit/assessment discussions.

Nice to have

  • Bachelor’s degree in Computer Science, Engineering, IT, or related field
  • Azure security experience (Defender for Cloud, Sentinel/Log Analytics, Azure Policy, PIM) and/or Azure Government experience.
  • Experience supporting NIST 800-53 / FedRAMP assessments, remediation, or ConMon deliverables.
  • Security+ / AZ-500 / CISSP or similar certifications.
  • Experience integrating evidence into GRC platforms (RegScale preferred).

Engagement details

  • 1099 independent contractor (initial engagement); project-based with potential extension into ConMon operations.
  • Remote-first; occasional on-site support only when customer environment requires it (rare).
  • No clearance required; must be able to pass a standard background check and sign NDA/SOW.
  • Work is typically in Azure Government environments supporting FedRAMP 20X and/or legacy packages.