Job Description

San Francisco, CA; Seattle, WA; New York, NY; Washington, DC

Our Security team works on operational issues at the leading edge of machine learning technology. You will join a creative and solutions-oriented team collaborating with internal teams at Scale and externally with our customers. Scale is looking for an experienced security and compliance professional to support Assessment and Authorization and agency audit activities for Scales products that are offered in the US Government and global Public Sector space. We are looking for relentlessly curious, deliberately open-minded, and action-oriented generalists who can design effective legal advice, internal policies, and operational processes while employing an empathetic interpersonal style. If you enjoy solving novel and challenging problems and building strong teams and relationships while doing it, wed love to hear from you!

Compensation packages at Scale for eligible roles include base salary, equity, and benefits. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position, determined by work location and additional factors, including job-related skills, experience, interview performance, and relevant education or training. Scale employees in eligible roles are also granted equity based compensation, subject to Board of Director approval. Youll also receive benefits including, but not limited to: Comprehensive health, dental and vision coverage, retirement benefits, a learning and development stipend, and generous PTO. Additionally, this role may be eligible for additional benefits such as a commuter stipend.

Please reference the job posting's subtitle for where this position will be located. For pay transparency purposes, the base salary range for this full-time position in the locations of San Francisco, New York, Seattle is:

$1 - $1 USD

You will:

• Lead public sector security compliance projects and audits (FedRAMP HIGH, DoD Cloud Computing SRG IL4/IL5/IL6 , NIST 800-53 rev 5, NIST 800-171/CMMC, Risk Management Framework)
• Collaborate with product, engineering, security, operations, people operations, and legal to implement new technical, administrative, and operational controls
• Work with 3PAOs and federal government AOs to achieve compliance certifications and reports
• Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures
• Serve as a liaison between system owners and other security personnel, ensuring that selected security controls are effectively implemented and maintained throughout the lifecycle of projects
• Act as a liaison between system owners and other security personnel to facilitate effective communication and collaboration
• Develop, maintain, review, and update system security documentation on a continuous basis
• Conduct required vulnerability scans and develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities. Manage risks by coordinating correction or mitigation actions and tracking the completion of POAMs
• Coordinate system owner concurrence for correction or mitigation actions and monitor security controls to maintain security Authorized To Operate (ATO)
• Upload security control evidence to the Governance, Risk, and Compliance (GRC) application (eMASS or Xacta) to support security control implementation during the monitoring phase
• Perform Cloud system risk assessments, enhance process workflows, and develop new processes
• Implement all applicable manual Security Technical Implementation Guides (STIGs), vendor hardening guides and ensuring timely installation of all available patches
• Create and maintain ATO packages
• Lead security compliance reviews for new products, changes, and features
• Proactively evaluate and advise the business on new and evolving certification programs, requirements, and technologies
• Develop and provide training to improve the security awareness and knowledge for all employees and contractors

Required:

Active US Top Secret security clearance with minimum IAT Level 2 certification (Security +, CASP, or similar)

Ideally youd have:

• Experience implementing and maintaining some of the following frameworks and standards: FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, NIST 800-53.
• STIG/RMF policy knowledge & implementation, including validating compliance via ACAS and other relevant tests.
• Experience in project management and taking projects from conception to launch
• An ability to translate between business and technical risk and communicate clearly to leadership
• Excellent organizational and communications skills
• Understanding of cybersecurity controls for cloud service providers
• Knowledge of AWS and other government authorized cloud services
• 5+ years of security compliance or technology audit related experience

Nice-to-haves:

• Bachelors degree in accounting, information systems, computer science, or a related field

We are an equal opportunity employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability status, gender identity or Veteran status. We are committed to providing reasonable accommodations to applicants with physical and mental disabilities.

Job Tags

Similar Jobs