Senior Compliance Operations Engineer jobs in United States

Wiz · 1 day ago

Senior Compliance Operations Engineer

Wiz is a fast-growing startup reinventing cloud security and empowering businesses to thrive in the cloud. The Senior Compliance Operations Engineer will operationalize and improve compliance in FedRAMP High and DoD IL5 cloud environments, ensuring services meet federal and defense standards while driving productivity and collaboration.
Cloud Security, Cyber Security, Enterprise Software, Security
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Document security controls and architectures that satisfy FedRAMP High baseline requirements and DoD Cloud Computing Security Requirements Guide (SRG) overlays for Impact Level 5 (including handling of high-sensitivity CUI and unclassified National Security Systems)
Oversee continuous monitoring (ConMon) programs including vulnerability scanning, configuration monitoring, log aggregation/analysis, boundary protection validation, and monthly/ongoing reporting to meet FedRAMP and DoD expectations
Translate NIST 800-53 Rev. 5 controls and DoD-specific enhancements into operational requirements; partner with engineering, DevOps, and product teams to embed compliance into their processes
Lead preparation, evidence collection, and remediation for FedRAMP reassessments, 3PAO audits, DoD Provisional Authorizations, Significant Change Requests (SCRs), and contribute to Plan of Action & Milestones (POA&M) management
Automate compliance validation for control implementation verification and drift detection
Conduct technical risk assessments, root-cause analysis on compliance findings, and provide guidance for implementation of compensating controls or hardening measures in cloud environments
Support incident response and boundary protection activities in IL5 environments, ensuring alignment with DoD policies for mission-critical workloads
Maintain and update compliance documentation including System Security Plans (SSP), control implementation descriptions, architectural diagrams, and boundary definitions
Collaborate cross-functionally with legal, product, engineering, and federal customer teams to scope new features/services while preserving authorization boundaries
Mentor others on FedRAMP/DoD compliance best practices and contribute to internal training programs
Align and coordinate complex, cross-functional federal programs/projects which include FedRAMP and/or DoD authorizations and/or the operational process requirements needed to meet ongoing operational requirements

Qualification

FedRAMP High compliance, DoD IL5 compliance, NIST SP 800-53, Cloud security engineering, Continuous monitoring, Automation/scripting, Compliance documentation, Collaboration, Problem-solving, Mentoring

Required

7+ years of hands-on experience in cloud security engineering, compliance operations, or GRC roles, with at least 4+ years directly supporting FedRAMP Moderate/High and DoD IL4/IL5 authorizations
In-depth expertise in NIST SP 800-53 Rev. 5, FedRAMP baselines (especially High), DoD Cloud SRG, and associated control overlays for IL5
Proven track record implementing and operating continuous monitoring in production FedRAMP and DoD IL4/IL5 environments, including vulnerability management, configuration compliance, and audit evidence generation
Strong experience with cloud platforms in government spaces (AWS GovCloud, Azure Government, Google Cloud for Government, or equivalent) and associated security services
U.S. Citizenship required (due to handling of CUI and potential access to controlled environments)
Active security certifications such as CISSP, CCSP, CISM, AWS/GCP/Azure Security Specialty, or DoD 8570/8140 IAT Level III / IAM Level III
Candidates must meet the EAR part 772 and ITAR 120.15 definition of a U.S. person (any individual who is granted U.S. citizenship; or any individual who is granted U.S. permanent residence (green card holder); or any individual who is granted status as a “protected person”) and must reside in the contiguous United States

Preferred

Experience with DoD-specific tools/processes (e.g., eMASS, ACAS, HBSS, STIGs)
Experience with DoD BCAP architecture and configuration
Proficiency in automation/scripting (Python, Bash, PowerShell) and Infrastructure as Code (Terraform, Ansible, Puppet/Chef preferred)
Familiarity with tools for compliance automation and scanning (e.g., Chef InSpec, OpenSCAP, Qualys, Tenable, AWS-native tools, Azure Security Center)
Ability to obtain and maintain a U.S. Secret or higher security clearance (active clearance strongly preferred)
Knowledge of additional frameworks that overlap with FedRAMP/DoD (e.g., CMMC, NIST 800-171/172, FISMA)

Benefits

Medical, dental and vision insurance
Home Office Setup reimbursement
Flexible Spending Accounts
Monthly Connectivity reimbursement
Employee Assistance Program (EAP)
Short- and Long-term Disability Insurance
Life & Accident Insurance
401(k) Retirement Savings Plan (with employer match)
Flexible paid time off + 11 paid holidays
Paid leave programs, including parental, pregnancy health, medical and bereavement leave

Company

Wiz

Wiz is a cloud security platform that facilitates collaboration between security, dev, and DevOps teams.

Funding

Current Stage: Late Stage
Total Funding: $2B
Key Investors: SoftBank Vision Fund, Andreessen Horowitz, Lightspeed Venture Partners, Thrive Capital, Greenoaks, Index Ventures, Lightspeed Venture Partners
2025-03-18: Acquired
2024-11-18: Series Unknown
2024-05-07: Series E · $1B

Leadership Team

Assaf Rappaport
Co-Founder & CEO
Yinon Costica
Co-Founder and VP of Product
Company data provided by crunchbase