Cloud Security Engineer

Description

Kaizen Approach is seeking a Cloud Security Engineer to operate as the primary owner of vulnerability management, FedRAMP Continuous Monitoring (ConMon), and POA&M governance within AWS cloud environments supporting both Federal and commercial systems. This role requires hands-on experience managing the full lifecycle of vulnerabilities, including identification, prioritization, remediation tracking, and audit-ready documentation aligned to NIST 800-53 and FedRAMP requirements. The engineer will be responsible for maintaining and updating POA&M artifacts, supporting monthly ConMon activities, and ensuring data integrity for audit and 3PAO review. This position also involves managing Deviation Requests, documenting vendor dependencies, and supporting SSP-related compliance efforts. In parallel, the role requires active participation in production security operations, including triaging alerts, performing or validating Root Cause Analyses (RCA), and improving monitoring effectiveness within AWS environments. The ideal candidate will collaborate closely with Engineering and TechOps teams to drive remediation and gather technical evidence, while operating independently in a one-deep environment. This is a fully remote position supporting mission-critical cloud systems with a strong emphasis on accountability, technical depth, and real-world process ownership.

Requirements:

• Must be authorized to work in the U.S. and able to meet U.S. citizenship eligibility requirements due to federal program support and future FedRAMP scalability
• Must demonstrate direct, hands-on experience operating within a FedRAMP environment, including Continuous Monitoring (ConMon), ATO lifecycle support, audit readiness, and interaction with 3PAO or agency reviewers, with the ability to clearly articulate real-world processes during technical discussions
• Must have proven ownership of the full POA&M lifecycle, including creating and maintaining POA&M entries in Excel using FedRAMP templates, managing CVEs, CVSS scores, milestones, SLAs, and Deviation Requests (DRs), performing monthly updates, reconciling scan data, and ensuring audit-ready data integrity
• Must have hands-on experience managing cloud vulnerability identification, prioritization, and remediation using tools such as Wiz, Tenable, Qualys, Inspector, or similar CNAPP/CSPM platforms, including applying FedRAMP SLA timelines and validating remediation with engineering teams
• Must demonstrate experience managing complex FedRAMP compliance processes, including Deviation Requests (false positives, operational requirements, risk adjustments), vendor dependency and external service provider (ESP) identification, and documentation within SSPs or related artifacts
• Must demonstrate strong cross-functional collaboration with Engineering and TechOps teams, including driving remediation efforts, resolving disputes on vulnerability findings, gathering technical evidence for compliance artifacts (POA&M, SSP, DR packages), and securing buy-in without direct authority
• Must have strong AWS cloud security operations experience, including triaging alerts, correlating with ticketing systems, performing or validating Root Cause Analysis (RCA), improving monitoring effectiveness, and reducing alert noise in production environments
• Must have 5 years of experience in cloud security, vulnerability management, or security operations supporting programs and contracts of similar scope, type, and complexity
• Must have a bachelor's degree in a technical discipline such as Computer Science, Information Systems, Engineering, Cybersecurity, or a related field from an accredited college or university, OR 10 years of related experience if a degree is not held
• This position does not require an active security clearance

Salary Range:

A variety of factors can impact the final salary offered, including, but not limited to, geographic location, Federal Government contract labor categories and wage rates, relevant work experience, specialized skills and competencies, education, and certifications.

About Kaizen Approach

At Kaizen Approach, we truly care about our team, offering flexibility for a balanced life, competitive compensation, and a robust benefits package that supports you and your family. We prioritize well-being with premium healthcare, financial and family support, retirement planning, and ongoing learning. With 4 weeks of PTO, 11 holidays, gifted 401k, profit sharing, and paid training, we're committed to your growth and happiness-both at work and beyond!

Kaizen Approach is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation,