Distinguished Security Engineer – FedRAMP High - Director Level

Saviynt

Full-time
USA
security
engineer
director
aws
architecture

This is not a passive oversight role—this is your chance to take the helm of Saviynt's FedRAMP security mission and drive it from the front lines.

As the Distinguished Security Engineer (Director-Level Individual Contributor), you will own the technical and GRC execution that keeps our platform trusted, compliant, and ahead of evolving federal requirements. You'll be both strategist and engineer, blending hands-on security expertise with the leadership needed to guide our FedRAMP journey end-to-end.

We need someone who thrives on building, breaking, and improving—someone who can lead audits, run vulnerability scans, recommend and deploy controls, and directly shape our security architecture. This is your opportunity to immediately influence Saviynt’s security posture, partner with cross-functional teams, and make FedRAMP compliance a competitive advantage.

If you’re ready to own FedRAMP from the trenches to the boardroom—and make an immediate impact on the security backbone of one of the industry’s leading identity platforms—this is where you make it happen.

Your Mission: What You’ll Own and Drive

  • 1. FedRAMP Leadership & Governance: Drive Certification and Trust

  • Lead Saviynt's entire FedRAMP program through certification, re-certification, and continuous monitoring cycles.

  • Develop and Maintain: Create and sustain the System Security Plan (SSP) and all FedRAMP-required documentation.

  • Direct ConMon: Lead monthly Continuous Monitoring (ConMon) meetings, ensuring technical issues are surfaced, resolved, and documented immediately.

  • Validate Artifacts: Personally review and validate all FedRAMP artifacts—audit reports, gap analysis, POA&Ms, and compliance forms.

  • Serve as POC: Be the primary Governance POC for internal teams, customers, and Federal auditors.

  • 2. Hands-On Security Engineering: Build, Scan, and Secure

  • Execute technical security controls within our mission-critical Federal environments.

  • Architect and Integrate: Design and integrate secure solutions for AWS, Azure, containers, Kubernetes, and modern applications relevant to the FedRAMP platform.

  • Hunt & Mitigate: Independently run vulnerability scans, analyze results, determine exploitability, and rapidly deploy mitigations across the environment.

  • Enhance Detection: Recommend and implement monitoring enhancements; actively analyze detection alerts to identify and respond to threats.

  • Automate Compliance: Automate GRC workflows to drastically improve the speed, accuracy, and scalability of compliance processes.

  • 3. Cross-Functional Security Enablement: Embed Security Everywhere

  • Partner with core business and technology teams to embed security and compliance from inception to deployment.

  • Embed Early: Proactively partner with product, engineering, and operations to embed security and compliance requirements early in the development lifecycle.

  • Translate Requirements: Convert complex technical audit requirements into clear, actionable engineering deliverables.

  • Support Engagement: Support sales and customer success by addressing client compliance and security queries, acting as a trusted security expert.

  • Manage Risk: Conduct risk assessments, track remediation efforts, and maintain a comprehensive risk register.

  • Contract Review: Review vendor and customer contracts for security clauses, driving favorable compliance outcomes.

  • 4. Compliance Expansion: Scale the GRC Foundation

  • Grow and formalize our overarching compliance framework.

  • Expand Reach: Contribute to and execute on other compliance programs including ISO 27001, PCI-DSS, SOC 1, and SOC 2.

  • Document Strategy: Develop and update core security documentation: policies, standards, incident response plans, and contingency plans.

  • Measure Posture: Establish and maintain metrics that clearly measure the GRC posture and inform leadership decisions.

  • Lead Training: Drive security awareness and training initiatives across the organization.

What You Bring: Your Qualifications for Command

  • U.S. Citizenship is required.

  • 15+ years of hands-on security architecture/engineering experience with cloud, containers, and modern app environments.

  • FedRAMP Authority: Proven leadership in FedRAMP environments with absolute mastery of NIST RMF and SP 800-53 Rev 5 controls.

  • Technical Expertise: Strong technical knowledge of secure solutions for AWS, Azure, Kubernetes, and modern application security practices.

  • Dual Leadership: Demonstrated ability to both lead compliance strategy (policy, documentation, risk) and execute technical controls directly (scanning, mitigation, architecture).

  • Agile & Executive Ready: Experience managing Agile projects and delivering polished, effective technical governance updates to executive audiences.

  • Vulnerability Expertise: Deep experience with vulnerability management, continuous monitoring, and the POA&M processes.

  • Influence: Strong stakeholder influence and cross-team collaboration skills essential for driving organizational change.

The candidate must:

  • Meet US persons on US soil requirements.

  • Undergo full background investigation/screening.

  • Undergo IAL3 requirements (Identity proofing to include I-9 document verification, biometric collection, and mailing address confirmation).

If required for this role, you will:

- Complete security & privacy literacy and awareness training during onboarding and annually thereafter

- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):

> Data Classification, Retention & Handling Policy

> Incident Response Policy/Procedures

> Business Continuity/Disaster Recovery Policy/Procedures

> Mobile Device Policy

> Account Management Policy

> Access Control Policy

> Personnel Security Policy

> Privacy Policy

Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!

Saviynt is an equal opportunity employer and we welcome everyone to our team.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
