Compliance Engineer

Make a difference here.

UltraViolet Cyber is a leading platform-enabled unified security operations company providing a comprehensive suite of security operations solutions. Founded and operated by security practitioners with decades of experience, the UltraViolet Cyber security-as-code platform combines technology innovation and human expertise to make advanced real-time cybersecurity accessible for all organizations by eliminating risks of separate red and blue teams.

By creating continuously optimized identification, detection, and resilience from today’s dynamic threat landscape, UltraViolet Cyber provides both managed and custom-tailored unified security operations solutions to the Fortune 500, Federal Government, and Commercial clients. UltraViolet Cyber is headquartered in McLean, Virginia, with global offices across the U.S. and in India. 

UltraViolet Cyber is seeking an experienced Compliance Engineer supporting a Zero Trust Architecture deployment for a large-scale network enterprise environment. This role will be responsible for ensuring compliance with standards, regulatory requirements, and policies.

What You'll Do:

• Advises on compliance, audit and/or security requirements in association with applicable standards/regulations and/or best practices, including NIST and FISMA.
• Supports multiple audiences (of varying technical proficiency) in developing and following appropriate security and privacy controls around IT operations.
• Acts as a point of contact for external assessments related to achieving required certifications and customer contractual requirements.
• Assists with internal risk assessment, audits, and benchmarking of security policies against regulations and standards across multiple business segments and products.
• Operates as an internal consultant, researching and recommending changes to enhance or streamline quality and information security procedures, including internal and external auditing.
• Reviews hosting, security, and audit contract terms and ensures compliance to current policies and processes.
• Assists with the oversight to help maintain governance functions, including security policy and process development and updates.
• Interfaces with external auditors to discuss security or IT hosting operations-related concerns during audits and collect and defend relevant evidence.
• Coordinates responses to RFP and security questionnaires.
• Follows established processes and procedures to ensure compliance with the policy.
• Maintains multiple complex programs with little supervision, escalating issues as appropriate.
• Communicates regularly with, GRC, IT, and PM teams

What You Have:

• Bachelor's Degree in Computer Science or related field
• 5+ years of experience in GRC and/or IT audit-related projects
• Advanced knowledge of NIST 800, FedRAMP, FISMA, ISO 27001, and other related industry standards
• 3+ years of experience with IT controls, best practices, and procedures
• Experience with cloud-hosted, on-prem, and hybrid application deployment
• Ability to create and interpret implementation-specific documentation such as Operational Viewpoint (OV), Systems Viewpoint (SV), and data flow diagrams.
• Experience validating Identity and Access management (IAM) architectures in enterprise Zero Trust environments.
• Working knowledge of Zero Trust best practices per NIST and CISA.
• Experience working with SASE and Zero Trust solution from vendors including, but not limited to Cisco, Cloudflare, Palo Alto, Microsoft, Netskope, and Zscaler. 
• An understanding of SD-Access, SD-WAN, CASB, SWG, MFA, FWaaS, ZTNA
• Strong communication and collaboration skills
• Certifications such as CISSP, CISM, CCZT, GDSA, GSEC, and ZTCA are a plus

What We Offer:

• 401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed  
• Medical, Dental, and Vision Insurance (available on the 1st day of the month following your first day of employment)  
• Group Term Life, Short-Term Disability, Long-Term Disability  
• Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness  
• Participation in the Discretionary Time Off (DTO) Program  
• 11 Paid Holidays Annually 

UltraViolet Cyber maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect our company's differing products, services, industries and lines of business. Candidates are typically placed into the range based on the preceding factors.

We sincerely thank all applicants in advance for submitting their interest in this position. We know your time is valuable.

UltraViolet Cyber welcomes and encourages diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability, or veteran status. 

If you want to make an impact, UltraViolet Cyber is the place for you!