Security Engineer 4 - Fedramp Compliance Architect

Summary

Join PagerDuty as a Security Engineer 4 - FedRAMP Compliance Architect and design, implement, and maintain secure architectures meeting FedRAMP requirements in a multi-tenant cloud environment. You will leverage your FedRAMP expertise and technical skills to create scalable, secure solutions, bridging security compliance and technical implementation. Collaborate with various teams to ensure our cloud infrastructure meets federal security standards. Support annual assessments, security control reviews, and audits, and contribute to the development and maintenance of crucial FedRAMP documentation. This role requires extensive experience in cloud security architecture, compliance, and FedRAMP, along with strong communication skills. PagerDuty offers a competitive salary, comprehensive benefits, flexible work arrangements, and a supportive work environment.

Requirements

• 5+ years of experience in cloud security architecture, compliance, or cybersecurity engineering, with at least 3 years of experience supporting FedRAMP Moderate or High authorization
• Deep expertise in FedRAMP, NIST 800-53, FISMA, and cloud security best practices
• Strong ability to assess security risks and recommend technical and procedural mitigations
• Experience working with AWS GovCloud, Azure Government, or other federal cloud environments
• Experience with audit preparation, risk assessments, and working with third-party assessors (3PAOs)
• Exceptional written and verbal communication skills for creating and managing FedRAMP documentation
• Must be a U.S. Person (i.e. U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee)

Responsibilities

• Design, implement, and maintain system architectures to align with FedRAMP requirements
• Serve as the subject matter expert (SME) on FedRAMP, advising internal teams on security best practices, control implementations, and risk mitigation strategies
• Collaborate with engineering, operations, product, and corporate IT teams to develop secure cloud-based architectures that meet federal compliance mandates
• Implement governance strategy on technical security controls, including access management, configuration, encryption, logging, monitoring, and vulnerability management
• Support annual assessments, security control reviews, and audits, coordinating with third-party assessors (3PAO) and government sponsors
• Technical support for external stakeholders on customer responsibilities
• Key contributor to the development and maintenance of the System Security Plan (SSP), Policies and Procedures, Configuration Management Plan, Secure System Development Life Cycle, and other FedRAMP documentation
• Partner with the GRC (Governance, Risk, and Compliance) team to efficiently track and resolve security findings

Preferred Qualifications

• Experience supporting DoD IL 4 or 5 environments
• Experience with data governance frameworks, secure data storage, and data lifecycle management in multi-tenant cloud environments
• Understanding of NIST AI Risk Management Framework (AI RMF) and its implications for secure AI adoption in government environments
• Familiar with SaaS security tools (such as Sumo Logic, Datadog, Crowdstrike, Wiz, Lucidchart, Snyk, and Qualys)
• Familiarity with Cloud Native and SaaS constructs, including architectures, DevOps, CI/CD, and SecOps disciplines
• Certified Information Systems Security Professional (CISSP)
• AWS Security Specialty, or equivalent
• CompTIA Advanced Security Practitioner (CASP+)
• Certificate of Cloud Security Knowledge (CCSK)

Benefits

• Competitive salary
• Comprehensive benefits package from day one
• Flexible work arrangements
• Company equity
• ESPP (Employee Stock Purchase Program)
• Retirement or pension plan
• Generous paid vacation time
• Paid holidays and sick leave
• Dutonian Wellness Days & HibernationDuty - companywide paid days off in addition to PTO
• Paid parental leave: 22 weeks for pregnant parent, 12 weeks for non-pregnant parent (some countries have longer leave standards and we comply with local laws)
• Paid volunteer time off: 20 hours per year
• Company-wide hack weeks
• Mental wellness programs
• Bonus
• Commission
• Equity