City : Austin
State : Texas
Neos is Seeking a Sr. GRC Security Engineer - SSP Lead for a contract role with our client in Austin, TX.
***HYBRID (TEXAS) - ONLY CANDIDATES CURRENTLY RESIDING IN THE AUSTIN, TX AREA (Within 50-mile radius) WILL BE CONSIDERED***
Position will be 3 days remote with 2 days (Mon & Thurs) required to be onsite at 4601 W. 51st, Austin, TX 78751
Interviews will be conducted In-Person
No calls, no emails, please respond directly to the "apply" link with your resume and contact details.
The Security Engineer will project work by leading security governance, compliance, and risk management activities, with a strong focus on System Security & Privacy Plans (SSP/SSPP). This role bridges technical security operations and regulatory compliance, ensuring audit readiness, effective vulnerability remediation, and secure delivery of public-facing services across complex, multi-platform environments.
Lead end to end System Security & Privacy Plan (SSP/SSPP) development, maintenance, and updates for enterprise systems
Drive remediation activities through POA&M management, ensuring timely closure of compliance gaps
Translate penetration testing and vulnerability findings into actionable remediation work items (EPICs/user stories)
Coordinate with application, infrastructure, and security teams to validate remediation through re-testing and evidence
Oversee risk-based vulnerability management, including prioritization and SLA-driven remediation
Provide governance oversight for endpoint protection, web application security, and cloud security controls
Produce assessor ready documentation, including configurations, monitoring evidence, approvals, and incident traceability
Support continuous audit readiness and reduce repeat findings through disciplined governance and documentation practices
CANDIDATE SKILLS AND QUALIFICATIONS
12 years Required - deep focus on: Governance, Risk, and Compliance (GRC), Enterprise Security and Security Architecture, Vulnerability Management and Penetration Testing, Cloud Security and hybrid environments
10 years Required - Proven experience owning SSP development end to end
10 years Required - Hands on experience with CMS MARS E v2.2 or comparable federal/state security frameworks
10 years Required - Strong expertise in: Control implementation documentation, Audit evidence collection and validation, POA&M creation, tracking, and remediation management
8 years Required - Ability to translate technical security issues into compliance aligned remediation actions
8 years Required - Strong stakeholder management skills across security, infrastructure, and application teams
8 years Required - Excellent written and verbal communication skills, particularly for executive stakeholders
8 years Required - Knowledge of NIST 800-53, NIST RMF, and privacy controls
8 years Required - Knowledge of Secure SDLC and DevSecOps practices
5 years Preferred - Experience operating in multi-vendor, multi-platform environments
5 years Preferred - Demonstrated ability to reduce repeat audit findings and improve compliance maturity
5 years Preferred - Experience mentoring or guiding teams on security governance best practices
1 year Preferred - Experience supporting HHSC systems, including SSP development and compliance
#DICE
#LI-MF
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
- Dice Id: 10111245
- Position Id: a0FRb00000E9c6QMAR
- Posted 12 hours ago
%201.png%3Fformat%3Dwebp&w=828&q=75)
%202.png%3Fformat%3Dwebp&w=1080&q=75)
Never miss an opportunity! Create an alert based on the job you applied for.