Security Engineer (AWS)

TL;DR

Security Engineer (AWS/Cloud Security): Configuring and maintaining AWS WAF policies and security tooling for CMS FISMA systems and CI/CD pipelines with an accent on cloud security engineering and compliance. Focus on automating DevSecOps checks, managing vulnerability triage, and ensuring audit-readiness against NIST 800-53 controls.

Location: Remote (US)

Salary: $165,000 (midpoint)

Company

hirify.global (Tantus) provides professional services across consulting, technology, and compliance to public and private sectors.

What you will do

• Configure, tune, and document AWS WAF policies for CMS OIT and QualityNet environments.
• Support detection triage using Security Hub, GuardDuty, and Inspector, including rule tuning and vulnerability management.
• Implement defense-in-depth controls aligned with CIS and NIST benchmarks.
• Automate CI/CD pipeline security checks and embed DevSecOps best practices.
• Support cloud migration from QualityNet AWS to CMS OIT Hybrid AWS.
• Maintain records of security tooling changes for CMS oversight and audit readiness.

Requirements

• Bachelor's degree in Cybersecurity, Computer Science, IT, or a related field.
• 7+ years of cybersecurity engineering or cloud security experience in a federal IT environment.
• Hands-on expertise with AWS security services: WAF, Security Hub, GuardDuty, Inspector, and IAM.
• Experience with FISMA compliance, NIST 800-53 controls, and ATO documentation.
• Proficiency with vulnerability scanning tools such as Tenable and Nessus.

Culture & Benefits

• Flexible Time Off (FTO) policy activated on the first day of employment.
• 401(k) with employer contributions and HSA employer contribution.
• Comprehensive health, dental, vision, life, and disability insurance.
• Paid Parental Bonding Leave and tuition reimbursement.
• FORCE community volunteer program offering up to four hours of paid time annually.