Wiz · 1 day ago
Senior Compliance Operations Engineer
United States
Full-time
Remote
Senior Level
$204K/yr - $281K/yr
7+ years expWiz is a fast-growing startup focused on reinventing cloud security and empowering businesses. They are seeking a Senior Compliance Operations Engineer to operationalize and improve FedRAMP High and DoD IL5 compliant cloud environments, ensuring compliance with federal standards while enhancing productivity and efficiency.
Cloud SecurityCyber SecurityEnterprise SoftwareSecurity
No H1B
Security Clearance RequiredU.S. Citizen Only
Responsibilities
Document security controls and architectures that satisfy FedRAMP High baseline requirements and DoD Cloud Computing Security Requirements Guide (SRG) overlays for Impact Level 5 (including handling of high-sensitivity CUI and unclassified National Security Systems)
Oversee continuous monitoring (ConMon) programs including vulnerability scanning, configuration monitoring, log aggregation/analysis, boundary protection validation, and monthly/ongoing reporting to meet FedRAMP and DoD expectations
Translate NIST 800-53 Rev. 5 controls and DoD-specific enhancements into operational requirements; partner with engineering, DevOps, and product teams to embed compliance into their processes
Lead preparation, evidence collection, and remediation for FedRAMP reassessments, 3PAO audits, DoD Provisional Authorizations, Significant Change Requests (SCRs), and contribute to Plan of Action & Milestones (POA&M) management
Automate compliance validation for control implementation verification and drift detection
Conduct technical risk assessments, root-cause analysis on compliance findings, and provide guidance for implementation of compensating controls or hardening measures in cloud environments
Support incident response and boundary protection activities in IL5 environments, ensuring alignment with DoD policies for mission-critical workloads
Maintain and update compliance documentation including System Security Plans (SSP), control implementation descriptions, architectural diagrams, and boundary definitions
Collaborate cross-functionally with legal, product, engineering, and federal customer teams to scope new features/services while preserving authorization boundaries
Mentor others on FedRAMP/DoD compliance best practices and contribute to internal training programs
Align and coordinate complex, cross-functional federal programs/projects which include FedRAMP and/or DoD authorizations and/or the operational process requirements needed to meet ongoing operational requirements
Qualification
Required
7+ years of hands-on experience in cloud security engineering, compliance operations, or GRC roles, with at least 4+ years directly supporting FedRAMP Moderate/High and DoD IL4/IL5 authorizations
In-depth expertise in NIST SP 800-53 Rev. 5, FedRAMP baselines (especially High), DoD Cloud SRG, and associated control overlays for IL5
Proven track record implementing and operating continuous monitoring in production FedRAMP and DoD IL4/IL5 environments, including vulnerability management, configuration compliance, and audit evidence generation
Experience with DoD-specific tools/processes (e.g., eMASS, ACAS, HBSS, STIGs)
Experience with DoD BCAP architecture and configuration
Strong experience with cloud platforms in government spaces (AWS GovCloud, Azure Government, Google Cloud for Government, or equivalent) and associated security services
Proficiency in automation/scripting (Python, Bash, PowerShell) and Infrastructure as Code (Terraform, Ansible, Puppet/Chef preferred)
Familiarity with tools for compliance automation and scanning (e.g., Chef InSpec, OpenSCAP, Qualys, Tenable, AWS-native tools, Azure Security Center)
U.S. Citizenship required (due to handling of CUI and potential access to controlled environments)
Ability to obtain and maintain a U.S. Secret or higher security clearance (active clearance strongly preferred)
Active security certifications such as CISSP, CCSP, CISM, AWS/GCP/Azure Security Specialty, or DoD 8570/8140 IAT Level III / IAM Level III
Knowledge of additional frameworks that overlap with FedRAMP/DoD (e.g., CMMC, NIST 800-171/172, FISMA)
Candidates must meet EAR part 772 and ITAR 120.15 definition of a U.S. person (Any individual who is granted U.S. citizenship; or any individual who is granted U.S. permanent residence (green card holder); or any individual who is granted status as a 'protected person') and that they reside in the contiguous United States
Benefits
Medical, dental and vision insurance
Home Office Setup reimbursement
Flexible Spending Accounts
Monthly Connectivity reimbursement
Employee Assistance Program (EAP)
Short- and Long-term Disability Insurance
Life & Accident Insurance
401(k) Retirement Savings Plan (with employer match)
Flexible paid time off + 11 paid holidays
Paid leave programs, including parental, pregnancy health, medical and bereavement leave
Company
Wiz
Wiz is a cloud security platform that facilitates collaboration between security, dev, and DevOps teams.
501-1000 employees
Funding
Current Stage
Late StageTotal Funding
$2BKey Investors
SoftBank Vision FundAndreessen Horowitz,Lightspeed Venture Partners,Thrive CapitalGreenoaks,Index Ventures,Lightspeed Venture Partners
2025-03-18Acquired
2024-11-18Series Unknown
2024-05-07Series E· $1B
Leadership Team
Assaf Rappaport
Co-Founder & CEO
Yinon Costica
Co-Founder and VP of Product
Recent News
Crunchbase News
2026-02-04
Company data provided by crunchbase