Associate Security Engineer, FedRAMP Opportunity

consensus cloud solutions company


Associate Security Engineer, FedRAMP in United States


Consensus Cloud Solutions is a publicly traded, leading digital cloud fax and interoperability solutions organization in the United States and globally, focusing on connecting and empowering healthcare providers, payers, care teams, and technology innovators to unify multiple systems that wouldn’t otherwise talk to each other. Consensus is a trailblazer in our industry and believes that data transformation will reshape the world of healthcare.

Founded over 25 years ago, Consensus leverages its technology heritage to move from simple digital documents to advanced healthcare standards (HL7/FHIR) for secure data transport, as well as Natural Language Processing (NLP) and Artificial Intelligence (AI) to convert unstructured to structured, analytics-ready data, helping users unveil information that is meaningful and actionable for better patient care.

Consensus leads the industry in data exchange solutions and we’re only getting started! With exciting new initiatives on the horizon, we are continuing our strategic expansion and we are looking to add to our diverse team of innovators.

Now is the ideal time to join us in our mission to solve healthcare’s biggest challenges, and work collaboratively with a diverse team of like-minded self-starters and partners to accomplish it.

Consensus Cloud Solutions is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive and equitable environment for all employees. We offer many remote and hybrid career opportunities.

How You Will Impact The Organization…

The Associate Security Engineer for FedRAMP plays a crucial role in maintaining the organization’s FedRAMP High compliance and overall cloud security posture. This position supports the mission of delivering secure, government-compliant services by working on Security Operations (SecOps) projects, managing technical operations, and ensuring compliance with NIST 800-53 Rev 5 standards as part of a team. Key responsibilities include supporting the Annual 3PAO Assessment, managing OS patching for up to 350 servers, managing antivirus and backup solutions, and conducting regular vulnerability scans using tools such as Nessus and Burp Suite. The engineer will be responsible for operating the endpoint security with FortiClient EMS, configuring and managing authentication using Okta for Government, and managing backups with N2WS. Under supervision, they will provide security operation center (SOC) and technical support coverage, monitor logs and intrusions using Splunk, and conduct security assessments of AWS GovCloud. Additional duties include performing Active Directory user access reviews and implementing access controls, supporting red team and penetration testing, assisting with POAM in coordination with the FedRAMP GRC team, and participating in incident response and disaster recovery exercises.

The value you will deliver…

  • Perform SecOps services under supervision.
  • Support Annual FedRAMP 3PAO assessments and security control validation.
  • Conduct patch management for operating systems on up to 350 servers.
  • Configure and operate antivirus solutions and ensure endpoint security using FortiClient EMS.
  • Configure and operate AWS backup and disaster recovery using N2WS Backup.
  • Conduct monthly vulnerability scans (OS, database, web apps, STIG baseline) using Nessus and provide reporting and analysis.
  • Perform rescans to confirm remediation of vulnerabilities.
  • Generate monthly security reports and conduct user access reviews.
  • Manage and test functional Disaster Recovery and Incident Response plans per NIST 800-53 Rev 5.
  • Operate and maintain SIEM tools such as Splunk for threat detection and correlation.
  • Maintain technical support services with a 15-minute callback SLA.
  • Perform continuous log management and intrusion detection monitoring.
  • Conduct configuration consistency checks and quarterly authorized software reviews.
  • Manage AWS GovCloud security groups and access control list reviews.
  • Administer Active Directory account creation, password resets, and YubiKey setup.
  • Manage user access for production and pre-production systems and security tools.
  • Support and validate annual penetration testing and red team exercises.
  • Conduct continuous monitoring (ConMon) and FedRAMP validation scans.
  • Collaborate with the GRC team to manage and resolve POAMs.
  • Participate in Incident Response and Disaster Recovery testing activities.
  • Contribute to Annual Assessment preparation and Significant Change Management reviews.
  • Assist with evaluating security tools and conducting proof-of-concept testing for new technologies.
  • Support internal and external security audits beyond FedRAMP (e.g., SOC 2, HITRUST, PCI, etc.).
  • Provide input on security policies, procedures, and documentation updates.
  • Participate in cross-functional project teams for infrastructure or application changes.
  • Deliver internal security awareness or training sessions as needed.
  • Research emerging threats, vulnerabilities, and security trends to inform program improvements.
  • Assist in vendor risk assessments and third-party security reviews.
  • Create and maintain technical runbooks, knowledge base articles, and process documentation.
  • Support response efforts for privacy incidents or data breaches involving PII/PHI.
  • Participate in industry or government security forums, working groups, or communities of interest.
  • Provide backup support for other security team members during absences.
  • Perform other duties and responsibilities as required, assigned, or requested. Consensus reserves the right to add or change duties at any time.


What You Will Bring To The Table…

  • 3+ years of experience in security engineering or a similar technical security role.
  • 3+ years of hands-on experience in cybersecurity, with at least 2 years in a security engineering role.
  • 3+ years of experience with Vulnerability Management tools, such as Nessus Pro, Burp Suite, and SonarQube, for identifying, tracking, and mitigating vulnerabilities across systems and applications.
  • 3+ years of experience using Endpoint Protection tools like FortiClient Enterprise Management Server (EMS), CrowdStrike, Carbon Black, or SentinelOne to monitor and protect endpoints against threats.
  • 3+ years of experience with Cloud Service Providers and their Security platforms, including cloud-native application protection, cloud security posture management in tools such as AWS Security Hub.
  • 2+ years of experience with AWS security services such as IAM, CloudTrail, GuardDuty, and Security Hub.
  • 2+ years of experience implementing Security Technical Implementation Guides (STIGs) and baseline configuration management.
  • 2+ years of experience with AWS backup tools such as N2WS Backup for AWS backup and disaster recovery.
  • 2+ years of experience with One-time password systems for secure authentication, such as Okta.
  • 2+ years of experience with SIEM (Security Information and Event Management) platforms, such as Splunk, Elastic, or Exabeam, for detecting, analyzing, and responding to security incidents.
  • 2+ years of experience with Security Monitoring and Incident Response processes, such as Splunk, to manage alerts, monitor for potential threats, and respond effectively.
  • 2+ years of experience using Security Posture Management tools, such as Cloudflare or Prisma Cloud, to ensure compliance and configuration standards across cloud environments.
  • 1+ year of direct experience supporting FedRAMP, NIST 800-53, or similar government security compliance frameworks.
  • Experience supporting FedRAMP, NIST 800-53, or other government compliance frameworks is strongly preferred.
  • Industry certifications such as CISSP, CISM, CEH, Security+, or equivalent are preferred but not required.
  • Hands-on experience with tools such as Nessus, Splunk, Burp Suite, FortiClient EMS, and AWS GovCloud is required.
  • Ongoing training and continuing education in cybersecurity best practices are encouraged.
  • Experience applying compliance frameworks to support product security efforts, such as ensuring adherence to security best practices during product development and integration, particularly in cloud-based and SaaS environments.
  • Practical experience performing vulnerability scanning, patch management, and incident response.
  • Experience working with security tools such as Nessus, Splunk, FortiClient EMS, and Burp Suite.
  • Familiarity with cloud security, preferably within AWS GovCloud or other regulated cloud environments.
  • Experience managing or supporting a Security Operations Center (SOC) or 24/7 security monitoring environment is a plus.
  • Demonstrated ability to work in cross-functional teams and lead technical initiatives.
  • Basic understanding of regulatory and compliance frameworks related to product security compliance, such as GDPR, CCPA, and NIST, to ensure the organization meets necessary security standards.
  • Experience in security compliance frameworks, including NIST 800-53 Rev 5 and FedRAMP, to ensure adherence to regulatory requirements and security best practices.


You will stand out if you also have…

  • Experience supporting FedRAMP High environments or other high-impact government-authorized systems.
  • Experience with Plan of Action and Milestones (POAM) management and working with GRC teams.
  • Exposure to penetration testing and red team operations in cloud and hybrid environments.
  • Experience automating security tasks using scripting languages such as Python, PowerShell, or Bash.
  • Knowledge of ticketing and workflow systems like ManageEngine ServiceDesk Plus (MESD).
  • Ability to contribute to policy and procedure development and documentation.
  • Strong written communication skills for reporting, analysis, and compliance documentation.


Additional Details…

  • Location requirements: Fully remote within the U.S.
  • Travel requirements: Up to 10% travel
  • Physical requirements: Must be able to sit for long periods, as well as handle long periods of screen time
  • Technology requirements: Reliable, high speed internet
  • Eligible for sponsorship: No
  • Security clearance: Ability to achieve and maintain a security clearance with the U.S. Government is required.


The salary range for this role is $105,000 - $125,000 USD annually. The total compensation package for this position is negotiable and may also include annual performance bonus, ESPP, enhanced time off packages and benefits. This job doesn't have an expiration date and will remain open until a qualified candidate is hired.

We are not accepting agency submissions for this role.