Cloud Security Engineer
Role details
Job location
Tech stack
Job description
C2 Labs is hiring a Security Engineer (Cloud Security Engineer) to support FedRAMP authorization acceleration and ongoing ConMon for defense-focused startups and companies deploying production workloads on Azure Government. You'll implement security controls, build repeatable evidence pipelines, and help make ConMon feel like an operational routine-not a monthly fire drill.
What you'll do
-
Implement and tune cloud security controls (IAM, logging, vulnerability management, configuration baselines, incident readiness).
-
Configure security tooling and integrations to produce repeatable evidence for authorization and ConMon.
-
Support remediation and hardening workstreams, including vulnerability scan remediation support.
-
Help automate evidence exports / reporting inputs where feasible and keep operations sustainable post-authorization.
Role summary
Implement and operationalize technical security controls in customer cloud environments and build the telemetry/evidence pipelines that support FedRAMP 20X validation and ongoing ConMon. This role partners closely with the Cloud Architect and the technical writing team to ensure controls are not only implemented-but continuously evidenced.
Key responsibilities
-
Implement and tune cloud security controls aligned to FedRAMP expectations (identity, logging, vulnerability management, configuration baselines, incident readiness).
-
Configure security tooling and integrations that generate repeatable evidence (e.g., vulnerability scanners, CSPM, SIEM/log aggregation, ticketing workflows).
-
Support vulnerability remediation and hardening activities (secure configurations, patching workflows, baseline images, configuration drift management).
-
Design and document evidence-producing processes and runbooks (what is collected, how, by whom, and on what cadence).
-
Support ongoing ConMon operations by producing/validating technical evidence inputs and assisting with POA&M remediation tracking.
-
Partner with writers to ensure technical narratives are accurate and match what is deployed; support assessor/sponsor technical Q&A as needed.
-
Where feasible, develop lightweight automation (scripts/APIs) to export evidence artifacts for GRC ingestion and reporting.
Key deliverables / outputs
-
Configured security tooling and evidence outputs aligned to controls/KSIs.
-
Hardening/remediation recommendations and implementation support (with documented changes).
-
Runbooks and operational procedures for evidence generation and validation cadence.
-
Technical evidence inputs for ConMon cycles (e.g., scan outputs, logging configurations, control state reports)., * Work is typically in Azure Government environments supporting FedRAMP 20X and/or legacy packages.
Requirements
-
5+ years security engineering experience, including cloud security implementation and operations.
-
Hands-on experience with vulnerability management and secure configuration practices.
-
Working familiarity with cloud logging/monitoring, IAM guardrails, encryption/key management, and incident response readiness.
-
Comfort scripting/automation (PowerShell, Python, bash) and working with APIs/integrations.
-
Ability to communicate technical findings clearly to non-engineers and support audit/assessment discussions.
Preferred / nice to have
-
Bachelor's degree in Computer Science, Engineering, IT, or related field
-
Azure security experience (Defender for Cloud, Sentinel/Log Analytics, Azure Policy, PIM) and/or Azure Government experience.
-
Experience supporting NIST 800-53 / FedRAMP assessments, remediation, or ConMon deliverables.
-
Security+ / AZ-500 / CISSP or similar certifications.
-
Experience integrating evidence into GRC platforms (RegScale preferred).
Tools & environment
-
Cloud security tooling (customer-specific): vulnerability scanner, CSPM, SIEM/log pipeline, ticketing workflows
-
IaC and CI/CD tooling (Terraform/Bicep; GitHub Actions/Azure DevOps as applicable)
-
RegScale (linking technical evidence to controls/KSIs and ConMon cadence)
Engagement details
-
1099 independent contractor (initial engagement); project-based with potential extension into ConMon operations.
-
Remote-first; occasional on-site support only when customer environment requires it (rare).
-
No clearance required; must be able to pass a standard background check and sign NDA/SOW.
Benefits & conditions
- Applies AI tools to streamline workflows, enhance decision-making, and improve outcomes
- Understands the strengths and limitations of AI systems and exercises sound judgment in their use
- Continuously explores new AI capabilities and integrates them into day-to-day work where appropriate
- Uses AI in alignment with company and customer-specific policies, data privacy standards, and ethical guidelines
- Exercises discretion when using AI with sensitive or proprietary information
- Demonstrates awareness of bias, accuracy, and risk considerations when leveraging AI tools