Senior GRC Implementation Engineer (FedRAMP/SOC2) jobs in United States

Moraph · 1 day ago

Senior GRC Implementation Engineer (FedRAMP/SOC2)

Moraph views compliance as a sovereign architecture and is seeking a Senior GRC Implementation Engineer to bridge the gap between regulatory frameworks and deployable code. The role involves engineering 'Compliance by Design' into secure environments to ensure FedRAMP High and SOC 2 Type II compliance.

Agentic AI, AI Infrastructure, Analytics, Generative AI, Information Technology, SaaS, Software
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Compliance as Code: Translate abstract regulatory controls (NIST SP 800-53, SOC 2) into concrete, automated infrastructure policies (using tools like Terraform, Open Policy Agent, or similar)
Audit Defense & Evidence: Architect continuous monitoring solutions that automatically generate evidence for auditors, reducing manual 'screenshot' fatigue
Federal Authorization Management: Lead the technical implementation of FedRAMP High controls, including System Security Plan (SSP) technical writing and diagramming for authorization boundaries
Gap Analysis: Continuously test our sovereign cloud environments against emerging threats and updated regulatory standards, identifying non-compliance risks before they become findings
Cross-Team Translation: Serve as the translator between the Engineering/DevOps teams and external Auditors/Authorizing Officials, ensuring technical reality matches regulatory requirements

Qualification

FedRAMP compliance, NIST SP 800-53, Infrastructure-as-code, Cybersecurity experience, Technical documentation, Python, Bash, SOC 2 compliance

Required

Must possess an active Top Secret security clearance. Candidate must be eligible for Sensitive Compartmented Information (SCI) read-on immediately
5+ years of experience in Cybersecurity, GRC, or Information Assurance, with at least 2 years focused on FedRAMP, FISMA, or IL5/IL6 environments
Ability to read and understand infrastructure-as-code (Terraform/CloudFormation) and scripting languages (Python/Bash) to audit automated environments
Deep, working knowledge of NIST SP 800-53 (Rev 4/5) and SOC 2 Trust Services Criteria
Proven ability to author technical artifacts (SSPs, POAMs, SAPs) that pass scrutiny from 3PAOs and government accreditors

Company

Moraph

Moraph provides data science, BI, and ML services for regulated sectors, from data pipelines to dashboards and governance.

Funding

Current Stage
Late Stage

Leadership Team

Gaston Malik
Chief Data Officer
Simon Malian
Managing Director, Computational Research Lab & Chief Information Security Officer
Company data provided by crunchbase