Mission
Own application and infrastructure security across Albright. Lead the SOC2 Type II program, prepare the FedRAMP-Moderate posture, and build the security culture that makes audit a non-event.
Responsibilities
- Own SOC2 controls, evidence collection, and annual audit
- Lead FedRAMP-Moderate readiness — control gap analysis, SSP authorship
- Run vulnerability management and pentest programs
- Establish secure SDLC — SAST, SCA, secrets scanning, dependency policy
- Partner with platform on K8s admission control, network policy, and secret management
- Lead incident response for security events
- Train engineers on secure-by-default patterns
Required qualifications
- 5+ years of security engineering
- Demonstrated SOC2 Type II program ownership
- Strong knowledge of cloud and K8s security
- CISSP, OSCP, or equivalent practical credential
Preferred qualifications
- Hands-on FedRAMP, CMMC, or StateRAMP authorization experience
- Active Secret clearance
- Background at a federal contractor or fintech
- Open-source contributions to security tooling