Title: Security Engineer - Local to Texas
Location: Austin, TX (Hybrid/Onsite)
Duration: 6 – 18 Months Contract
The Security Engineer will project work by leading security governance, compliance, and risk management activities, with a strong focus on System Security & Privacy Plans (SSP/SSPP). This role bridges technical security operations and regulatory compliance, ensuring audit readiness, effective vulnerability remediation, and secure delivery of public-facing services across complex, multi-platform environments.
· Lead end to end System Security & Privacy Plan (SSP/SSPP) development, maintenance, and updates for enterprise systems
· Drive remediation activities through POA&M management, ensuring timely closure of compliance gaps
· Translate penetration testing and vulnerability findings into actionable remediation work items (EPICs/user stories)
· Coordinate with application, infrastructure, and security teams to validate remediation through re-testing and evidence
· Oversee risk-based vulnerability management, including prioritization and SLA-driven remediation
· Provide governance oversight for endpoint protection, web application security, and cloud security controls
· Produce assessor ready documentation, including configurations, monitoring evidence, approvals, and incident traceability
· Support continuous audit readiness and reduce repeat findings through disciplined governance and documentation practices
Qualifications
• Deep focus on: Governance, Risk, and Compliance (GRC), Enterprise Security and Security Architecture, Vulnerability Management and Penetration Testing, Cloud Security and hybrid environments
• Proven experience owning SSP development end to end
• Hands-on experience with CMS MARS E v2.2 or comparable federal/state security frameworks
• Strong expertise in: Control implementation documentation, Audit evidence collection and validation, POA&M creation, tracking, and remediation management
• Ability to translate technical security issues into compliance aligned remediation actions
• Strong stakeholder management skills across security, infrastructure, and application teams
• Excellent written and verbal communication skills, particularly for executive stakeholders
• Knowledge of NIST 800 53, NIST RMF, and privacy controls
• Knowledge of Secure SDLC and DevSecOps practices
Preferred
• Experience operating in multi-vendor, multi-platform environments
• Demonstrated ability to reduce repeat audit findings and improve compliance maturity
• Experience mentoring or guiding teams on security governance best practices
• Experience supporting HHSC systems, including SSP development and compliance
Thanks & Regards
Rocky Thomas | M9 Consulting, Inc
Email:
Never miss an opportunity! Create an alert based on the job you applied for.
