Job Title: Security Engineer (GRC / SSP Lead)
Location: Austin, TX 78751 (Hybrid – 3 days remote / 2 days onsite: Monday & Thursday)
Local candidates only (within 50-mile radius of Austin, TX)
Employment Type: Contract
Schedule: Monday–Friday, 8:00 AM – 5:00 PM
Position Overview
We are seeking a senior Security Engineer / Systems Analyst III with deep expertise in Governance, Risk, and Compliance (GRC) and System Security & Privacy Plans (SSP/SSPP).
This role will lead security governance, compliance, and risk management initiatives while ensuring audit readiness and secure delivery of public-facing services across complex, multi-platform environments.
The ideal candidate will bridge technical security operations with regulatory compliance and have extensive experience with federal or state security frameworks.
Key Responsibilities
Security Governance & Compliance
- Lead end-to-end development, maintenance, and updates of System Security & Privacy Plans (SSP/SSPP)
- Manage POA&M activities and drive timely remediation of compliance gaps
- Produce assessor-ready documentation including configurations, monitoring evidence, approvals, and incident traceability
- Support continuous audit readiness and reduce repeat findings through strong governance practices
Risk & Vulnerability Management
- Translate penetration testing and vulnerability findings into actionable remediation tasks (EPICs/user stories)
- Oversee risk-based vulnerability management and SLA-driven remediation
- Coordinate validation and re-testing of remediated issues
Security Oversight
- Provide governance oversight for endpoint protection, web application security, and cloud security controls
- Ensure alignment with Secure SDLC and DevSecOps practices
- Collaborate across security, infrastructure, and application teams
Required Qualifications
- 12+ years of experience in Governance, Risk, and Compliance (GRC), enterprise security, and security architecture
- 12+ years of experience in vulnerability management and penetration testing oversight
- 10+ years of hands-on experience owning SSP development end-to-end
- 10+ years of experience with CMS MARS-E v2.2 or comparable federal/state security frameworks
- 10+ years of experience with control documentation, audit evidence collection, and POA&M management
- 8+ years of experience translating technical security issues into compliance-aligned remediation actions
- 8+ years of stakeholder management experience across security, infrastructure, and application teams
- 8+ years of experience applying strong written and executive-level communication skills
- Deep knowledge of NIST 800-53, NIST RMF, and privacy controls
- Experience with Secure SDLC and DevSecOps practices
Preferred Qualifications
- Experience in multi-vendor, multi-platform environments
- Demonstrated ability to reduce repeat audit findings and improve compliance maturity
- Experience mentoring teams on security governance best practices
- Prior experience supporting large state agency systems and compliance programs
Additional Information
- Hybrid role: 2 days onsite required (Monday & Thursday)
- Candidates must already reside in Texas
- Occasional evening or weekend work may be required
- Overtime must be pre-approved
- Interviews will be conducted in person
PriceSenz is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, or disability.