Cloud Security Engineer

C2 Labs, Inc
Knoxville, United States of America
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Knoxville, United States of America

Tech stack

API
Azure
Bash
Cloud Computing
Cloud Computing Security
Continuous Integration
Github
Identity and Access Management
Python
Key Management
Log Analysis
Powershell
Runbook
Security Information and Event Management
Software Vulnerability Management
Data Logging
Information Technology
Bicep
RSA Archer Platform
Terraform
Plan of Action and Milestones
Vulnerability Analysis

Job description

C2 Labs is hiring a Security Engineer (Cloud Security Engineer) to support FedRAMP authorization acceleration and ongoing ConMon for defense-focused startups and companies deploying production workloads on Azure Government. You'll implement security controls, build repeatable evidence pipelines, and help make ConMon feel like an operational routine-not a monthly fire drill.

What you'll do

  • Implement and tune cloud security controls (IAM, logging, vulnerability management, configuration baselines, incident readiness).

  • Configure security tooling and integrations to produce repeatable evidence for authorization and ConMon.

  • Support remediation and hardening workstreams, including vulnerability scan remediation support.

  • Help automate evidence exports / reporting inputs where feasible and keep operations sustainable post-authorization.

Role summary

Implement and operationalize technical security controls in customer cloud environments and build the telemetry/evidence pipelines that support FedRAMP 20X validation and ongoing ConMon. This role partners closely with the Cloud Architect and the technical writing team to ensure controls are not only implemented-but continuously evidenced.

Key responsibilities

  • Implement and tune cloud security controls aligned to FedRAMP expectations (identity, logging, vulnerability management, configuration baselines, incident readiness).

  • Configure security tooling and integrations that generate repeatable evidence (e.g., vulnerability scanners, CSPM, SIEM/log aggregation, ticketing workflows).

  • Support vulnerability remediation and hardening activities (secure configurations, patching workflows, baseline images, configuration drift management).

  • Design and document evidence-producing processes and runbooks (what is collected, how, by whom, and on what cadence).

  • Support ongoing ConMon operations by producing/validating technical evidence inputs and assisting with POA&M remediation tracking.

  • Partner with writers to ensure technical narratives are accurate and match what is deployed; support assessor/sponsor technical Q&A as needed.

  • Where feasible, develop lightweight automation (scripts/APIs) to export evidence artifacts for GRC ingestion and reporting.

Key deliverables / outputs

  • Configured security tooling and evidence outputs aligned to controls/KSIs.

  • Hardening/remediation recommendations and implementation support (with documented changes).

  • Runbooks and operational procedures for evidence generation and validation cadence.

  • Technical evidence inputs for ConMon cycles (e.g., scan outputs, logging configurations, control state reports)., * Work is typically in Azure Government environments supporting FedRAMP 20X and/or legacy packages.

Requirements

  • 5+ years security engineering experience, including cloud security implementation and operations.

  • Hands-on experience with vulnerability management and secure configuration practices.

  • Working familiarity with cloud logging/monitoring, IAM guardrails, encryption/key management, and incident response readiness.

  • Comfort scripting/automation (PowerShell, Python, bash) and working with APIs/integrations.

  • Ability to communicate technical findings clearly to non-engineers and support audit/assessment discussions.

Preferred / nice to have

  • Bachelor's degree in Computer Science, Engineering, IT, or related field

  • Azure security experience (Defender for Cloud, Sentinel/Log Analytics, Azure Policy, PIM) and/or Azure Government experience.

  • Experience supporting NIST 800-53 / FedRAMP assessments, remediation, or ConMon deliverables.

  • Security+ / AZ-500 / CISSP or similar certifications.

  • Experience integrating evidence into GRC platforms (RegScale preferred).

Tools & environment

  • Cloud security tooling (customer-specific): vulnerability scanner, CSPM, SIEM/log pipeline, ticketing workflows

  • IaC and CI/CD tooling (Terraform/Bicep; GitHub Actions/Azure DevOps as applicable)

  • RegScale (linking technical evidence to controls/KSIs and ConMon cadence)

Engagement details

  • 1099 independent contractor (initial engagement); project-based with potential extension into ConMon operations.

  • Remote-first; occasional on-site support only when customer environment requires it (rare).

  • No clearance required; must be able to pass a standard background check and sign NDA/SOW.

Benefits & conditions

  • Applies AI tools to streamline workflows, enhance decision-making, and improve outcomes
  • Understands the strengths and limitations of AI systems and exercises sound judgment in their use
  • Continuously explores new AI capabilities and integrates them into day-to-day work where appropriate
  • Uses AI in alignment with company and customer-specific policies, data privacy standards, and ethical guidelines
  • Exercises discretion when using AI with sensitive or proprietary information
  • Demonstrates awareness of bias, accuracy, and risk considerations when leveraging AI tools

Apply for this position