Software Development Advisor

KA, IN, India

Job Description

Cybersecurity & Compliance Engineer (Hands-On Role)

Overview

We are seeking a hands-on Cybersecurity & Compliance Engineer to ensure continuous compliance with NIST privacy and security controls, maintain the integrity of our platform through vulnerability and penetration testing, and support both internal and client-facing security engagements.

This role will also be responsible for developing quantitative and qualitative measures, metrics, and dashboards to monitor compliance posture, threat exposure, and control performance.



The ideal candidate will be equally comfortable executing vulnerability assessments, performing hands-on testing, designing compliance metrics, mapping controls to frameworks, and collaborating with clients and internal teams on audits, opportunities, and continuous improvement initiatives.

Key Responsibilities

1. Continuous Compliance Management

  • Maintain and continuously monitor compliance with NIST SP 800-53, NIST 800-171, and related privacy and security control frameworks.
  • Conduct control assessments and evidence collection to support ongoing compliance and readiness for audits.
  • Develop and maintain documentation, policies, and procedures supporting security and privacy compliance initiatives.
  • Coordinate remediation activities and track closure of nonconformities or control gaps.
  • Design and implement compliance metrics and dashboards to measure control effectiveness, risk trends, and audit readiness across business units.

2. Vulnerability & Penetration Testing

  • Perform hands-on vulnerability scanning, manual verification, and exploitation in controlled environments.
  • Conduct internal and external penetration tests, web application assessments, and infrastructure testing (cloud and on-prem).
  • Validate and communicate findings, prioritize them by risk, and collaborate with engineering teams to drive remediation.
  • Maintain testing scripts, tools, and methodologies consistent with industry best practices (e.g., OWASP, MITRE ATT&CK).
  • Track and visualize vulnerability trends, remediation SLAs, and recurring issues using security dashboards and KPI reports.

3. Research, Standards Alignment, and Gap Assessments

  • Evaluate new and emerging security and privacy frameworks (e.g., ISO 27001, SOC 2, CMMC, CIS, NIST Privacy Framework).
  • Perform detailed gap assessments against applicable frameworks and client security requirements.
  • Provide strategic recommendations for strengthening controls and enhancing compliance posture.
  • Collaborate with architecture and DevSecOps teams to embed new standards into design and delivery processes.
  • Develop maturity models and benchmark metrics to measure progress toward compliance with evolving standards.

4. Client Engagement and Audit Support

  • Participate in client due diligence, RFP, and security questionnaire responses.
  • Support internal and external audits by preparing evidence, addressing findings, and demonstrating compliance maturity.
  • Represent the organization in client security discussions and technical review meetings.
  • Provide clear, professional, and technical documentation to support audit and compliance activities.
  • Generate data-driven reporting and visualizations that communicate compliance status, control effectiveness, and audit trends to clients and leadership.

5. Metrics, Measurement, and Reporting

  • Design and maintain cybersecurity and compliance dashboards that integrate data from vulnerability management, compliance tracking, SIEM, and ticketing systems.
  • Define and maintain Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) aligned to organizational goals and NIST control families.
  • Automate data collection and reporting processes to ensure timely visibility into security posture.
  • Work with leadership to translate metrics into actionable insights for continuous improvement.

Qualifications

Required:

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience).
  • 5+ years of experience in cybersecurity compliance, penetration testing, or risk management.
  • Strong understanding of NIST frameworks (SP 800-53, 800-171, 800-37, and the Privacy Framework).
  • Experience with vulnerability management and penetration testing tools (e.g., Nessus, Burp Suite, Metasploit, Nmap, Qualys).
  • Demonstrated ability to interpret and apply security controls in both cloud and on-prem environments.
  • Proven ability to design and maintain performance metrics, dashboards, and reporting frameworks.
  • Excellent communication skills for technical and client-facing documentation.

Preferred:

  • Industry certifications such as CISSP, CISA, CEH, OSCP, or similar.
  • Experience with Azure, AWS, or hybrid cloud compliance controls.
  • Familiarity with GRC platforms (e.g., Archer, ServiceNow, 6clicks) and data visualization tools (e.g., Power BI, Tableau, Grafana).
  • Experience supporting FedRAMP, SOC 2, ISO 27001, or CMMC compliance programs.

Core Competencies

  • Deep understanding of security and privacy frameworks.
  • Metrics-driven approach to compliance and risk management.
  • Hands-on testing and technical validation skills.
  • Strong analytical and visualization capabilities.
  • Collaborative and client-focused mindset.
  • Continuous learning and curiosity about evolving standards and technologies.


Job Detail

  • Job Id
    JD4701694
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type
    Full Time
  • Salary
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    KA, IN, India
  • Education
    Not mentioned
  • Experience
    Year