Software Development Advisor

Date: Nov 12, 2025

Location: Bangalore, KA, IN

Company: NTT DATA Services

Cybersecurity & Compliance Engineer (Hands-On Role)

Overview

We are seeking a hands-on Cybersecurity & Compliance Engineer to ensure continuous compliance with NIST privacy and security controls, maintain the integrity of our platform through vulnerability and penetration testing, and support both internal and client-facing security engagements.
This role will also be responsible for developing quantitative and qualitative measures, metrics, and dashboards to monitor compliance posture, threat exposure, and control performance.

The ideal candidate will be equally comfortable executing vulnerability assessments, performing hands-on testing, designing compliance metrics, mapping controls to frameworks, and collaborating with clients and internal teams on audits, opportunities, and continuous improvement initiatives.


Key Responsibilities

1. Continuous Compliance Management

  • Maintain and continuously monitor compliance with NIST SP 800-53, NIST SP 800-171, and related privacy and security control frameworks.
  • Conduct control assessments and evidence collection to support ongoing compliance and readiness for audits.
  • Develop and maintain documentation, policies, and procedures supporting security and privacy compliance initiatives.
  • Coordinate remediation activities and track closure of nonconformities or control gaps.
  • Design and implement compliance metrics and dashboards to measure control effectiveness, risk trends, and audit readiness across business units.

2. Vulnerability & Penetration Testing

  • Perform hands-on vulnerability scanning, manual verification, and exploitation in controlled environments.
  • Conduct internal and external penetration tests, web application assessments, and infrastructure testing (cloud and on-prem).
  • Validate and communicate findings, prioritize based on risk, and collaborate with engineering teams to drive remediation.
  • Maintain testing scripts, tools, and methodologies consistent with industry best practices (e.g., OWASP, MITRE ATT&CK).
  • Track and visualize vulnerability trends, remediation SLAs, and recurring issues using security dashboards and KPI reports.

3. Research, Standards Alignment, and Gap Assessments

  • Evaluate new and emerging security and privacy frameworks (e.g., ISO 27001, SOC 2, CMMC, CIS, NIST Privacy Framework).
  • Perform detailed gap assessments against applicable frameworks and client security requirements.
  • Provide strategic recommendations for strengthening controls and enhancing compliance posture.
  • Collaborate with architecture and DevSecOps teams to embed new standards into design and delivery processes.
  • Develop maturity models and benchmark metrics to measure progress toward compliance with evolving standards.

4. Client Engagement and Audit Support

  • Participate in client due diligence, RFP, and security questionnaire responses.
  • Support internal and external audits by preparing evidence, addressing findings, and demonstrating compliance maturity.
  • Represent the organization in client security discussions and technical review meetings.
  • Provide clear, professional, and technical documentation to support audit and compliance activities.
  • Generate data-driven reporting and visualizations that communicate compliance status, control effectiveness, and audit trends to clients and leadership.

5. Metrics, Measurement, and Reporting

  • Design and maintain cybersecurity and compliance dashboards that integrate data from vulnerability management, compliance tracking, SIEM, and ticketing systems.
  • Define and maintain Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) aligned to organizational goals and NIST control families.
  • Automate data collection and reporting processes to ensure timely visibility into security posture.
  • Work with leadership to translate metrics into actionable insights for continuous improvement.

Qualifications

Required:

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience).
  • 5+ years of experience in cybersecurity compliance, penetration testing, or risk management.
  • Strong understanding of NIST frameworks (SP 800-53, 800-171, 800-37, and Privacy Framework).
  • Experience with vulnerability management and penetration testing tools (e.g., Nessus, Burp Suite, Metasploit, Nmap, Qualys).
  • Demonstrated ability to interpret and apply security controls in both cloud and on-prem environments.
  • Proven ability to design and maintain performance metrics, dashboards, and reporting frameworks.
  • Excellent communication skills for technical and client-facing documentation.

Preferred:

  • Industry certifications such as CISSP, CISA, CEH, OSCP, or similar.
  • Experience with Azure, AWS, or hybrid cloud compliance controls.
  • Familiarity with GRC platforms (e.g., Archer, ServiceNow, 6clicks) and data visualization tools (e.g., Power BI, Tableau, Grafana).
  • Experience supporting FedRAMP, SOC 2, ISO 27001, or CMMC compliance programs.

Core Competencies

  • Deep understanding of security and privacy frameworks.
  • Metrics-driven approach to compliance and risk management.
  • Hands-on testing and technical validation skills.
  • Strong analytical and visualization capabilities.
  • Collaborative and client-focused mindset.
  • Continuous learning and curiosity for evolving standards and technologies.
