Join the remote work revolution

Join over 100,000 job seekers who get tailored alerts and access to top recruiters.

Distinguished Security Engineer – FedRAMP High - Director Level

Saviynt is a leading provider of cloud-native identity and governance platform solutions, empowering enterprises to secure their digital transformation, safeguard critical assets, and meet regulatory compliance.

Saviynt

Employee count: 1001-5000

Stay safe on Himalayas

Never send money to companies. Jobs on Himalayas will never require payment from applicants.

This is not a passive oversight role—this is your chance to take the helm of Saviynt's FedRAMP security mission and drive it from the front lines.

As the Distinguished Security Engineer (Director-Level Individual Contributor), you will own the technical and GRC execution that keeps our platform trusted, compliant, and ahead of evolving federal requirements. You'll be both strategist and engineer, blending hands-on security expertise with the leadership needed to guide our FedRAMP journey end-to-end.

We need someone who thrives on building, breaking, and improving—someone who can lead audits, run vulnerability scans, recommend and deploy controls, and directly shape our security architecture. This is your opportunity to immediately influence Saviynt’s security posture, partner with cross-functional teams, and make FedRAMP compliance a competitive advantage.

If you’re ready to own FedRAMP from the trenches to the boardroom—and make an immediate impact on the security backbone of one of the industry’s leading identity platforms—this is where you make it happen.

Your Mission: What You’ll Own and Drive

1. FedRAMP Leadership & Governance: Drive Certification and Trust
Lead Saviynt's entire FedRAMP program through certification, re-certification, and continuous monitoring cycles.
Develop and Maintain: Create and sustain the System Security Plan (SSP) and all FedRAMP-required documentation.
Direct ConMon: Lead monthly Continuous Monitoring (ConMon) meetings, ensuring technical issues are surfaced, resolved, and documented immediately.
Validate Artifacts: Personally review and validate all FedRAMP artifacts—audit reports, gap analysis, POA&Ms, and compliance forms.
Serve as POC: Be the primary Governance POC for internal teams, customers, and Federal auditors.
2. Hands-On Security Engineering: Build, Scan, and Secure
Execute technical security controls within our mission-critical Federal environments.
Architect and Integrate: Design and integrate secure solutions for AWS, Azure, containers, Kubernetes, and modern applications relevant to the FedRAMP platform.
Hunt & Mitigate: Independently run vulnerability scans, analyze results, determine exploitability, and rapidly deploy mitigations across the environment.
Enhance Detection: Recommend and implement monitoring enhancements; actively analyze detection alerts to identify and respond to threats.
Automate Compliance:Automate GRC workflows to drastically improve the speed, accuracy, and scalability of compliance processes.
3. Cross-Functional Security Enablement: Embed Security Everywhere
Partner with core business and technology teams to embed security and compliance from inception to deployment.
Embed Early: Proactively partner with product, engineering, and operations to embed security and compliance requirements early in the development lifecycle.
Translate Requirements: Convert complex technical audit requirements into clear, actionable engineering deliverables.
Support Engagement: Support sales and customer success by addressing client compliance and security queries, acting as a trusted security expert.
Manage Risk: Conduct risk assessments, track remediation efforts, and maintain a comprehensive risk register.
Contract Review: Review vendor and customer contracts for security clauses, driving favorable compliance outcomes.
4. Compliance Expansion: Scale the GRC Foundation
Grow and formalize our overarching compliance framework.
Expand Reach: Contribute to and execute on other compliance programs including ISO 27001, PCI-DSS, SOC 1, and SOC 2.
Document Strategy: Develop and update core security documentation: policies, standards, incident response plans, and contingency plans.
Measure Posture:Establish and maintain metrics that clearly measure the GRC posture and inform leadership decisions.
Lead Training: Drive security awareness and training initiatives across the organization.

What You Bring: Your Qualifications for Command

U.S. Citizenship is required.
15+ years of hands-on security architecture/engineering experience with cloud, containers, and modern app environments.
FedRAMP Authority: Proven leadership in FedRAMP environments with absolute mastery of NIST RMF and SP 800-53 Rev 5 controls.
Technical Expertise: Strong technical knowledge of secure solutions for AWS, Azure, Kubernetes, and modern application security practices.
Dual Leadership: Demonstrated ability to both lead compliance strategy (policy, documentation, risk) and execute technical controls directly (scanning, mitigation, architecture).
Agile & Executive Ready: Experience managing Agile projects and delivering polished, effective technical governance updates to executive audiences.
Vulnerability Expertise: Deep experience with vulnerability management, continuous monitoring, and the POA&M processes.
Influence: Strong stakeholder influence and cross-team collaboration skills essential for driving organizational change.

The candidate must:

Meet US persons on US soil requirements.
Undergo full background investigation/screening.
Undergo IAL3 requirements (Identity proofing to include I-9 document verification, biometric collection, and mailing address confirmation).

If required for this role, you will:

- Complete security & privacy literacy and awareness training during onboarding and annually thereafter

- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):

> Data Classification, Retention & Handling Policy

> Incident Response Policy/Procedures

> Business Continuity/Disaster Recovery Policy/Procedures

> Mobile Device Policy

> Account Management Policy

> Access Control Policy

> Personnel Security Policy

> Privacy Policy

Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!

Saviynt is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Apply now

Please let Saviynt know you found this job on Himalayas. This helps us grow!

Apply now

About the job

Apply before

Dec 18, 2025

Posted on

Oct 19, 2025

Job type

Full Time

Experience level

Director

Location requirements

United States

Hiring timezones

United States +/- 0 hours

Job categories

General Administration Information Security Senior Security Engineer Principal Security Engineer Security Engineering Manager Infrastructure Security Engineering Leader

Skills

FedRAMP GRC Continuous Control Monitoring AWS Azure Containers Kubernetes Vulnerability Scanning Solutions POA&M Updates ISO 27001 PCI DSS SOC

About the job

About Saviynt

Learn more about Saviynt and their company culture.

View company profile

Saviynt is a provider of intelligent identity and access governance solutions. The company empowers enterprises to secure their digital transformation, safeguard critical assets, and meet regulatory compliance. Saviynt's platform, the Identity Cloud, is designed to provide visibility, control, and intelligence to identity management. It offers a converged approach to identity security that is agile, cloud-based, and scalable to manage and mitigate risk across diverse IT landscapes, including multi-cloud, hybrid, and on-premises environments. The company aims to simplify the complexity of identity security by providing deep visibility and seamless integration across all IT environments.

Founded in 2010, Saviynt has established itself as a leader in the identity management market. The company's solutions address key areas of identity governance, cloud privileged access management (CPAM), and identity analytics and intelligence, helping organizations embrace Zero Trust principles. Saviynt's services are applicable to various sectors, including energy, government, financial services, higher education, healthcare, manufacturing, and retail. The company focuses on modernizing legacy identity governance and administration (IGA) systems and managing multi-cloud environments. Saviynt emphasizes innovation, customer focus, accountability, collaboration, and integrity as its core values. The company is committed to delivering advanced identity solutions that facilitate digital transformation by leading the market in security, ease of use, and organizational impact. Saviynt's mission is to provide intelligent, cloud-first identity governance and access management solutions that enable organizations to achieve Zero-Trust security.

About

Learn more about the company and their company culture.

View company profile

Tech stack

Learn about the tools and technologies that Saviynt uses to build, market, and sell its products.

View tech stack

Java

Linux

Microsoft Azure

Jenkins

Shopify

Vue.js

Preact

Microsoft Office 365

Amazon SES

Marketo

Employees can create an account to update this tech stack.

Employee benefits

Learn about the employee benefits and perks provided at Saviynt.

View benefits

Competitive Pay

Saviynt offers competitive compensation packages.

Great Benefits

Saviynt provides a comprehensive benefits package.

Flexible Time Off

Saviynt offers flexible time off to its employees.

Food, Drink & Snacks

Saviynt provides food, drinks, and snacks in the office.

View Saviynt's employee benefits

Employee benefits

Learn about the employee benefits and perks provided at the company.

View benefits

Company employees can update this section.

Apply now

Please let Saviynt know you found this job on Himalayas. This helps us grow!

Apply now

About the job

Apply before

Dec 18, 2025

Posted on

Oct 19, 2025

Job type

Full Time

Experience level

Director

Location requirements

United States

Hiring timezones

United States +/- 0 hours

Job categories

General Administration Information Security Senior Security Engineer Principal Security Engineer Security Engineering Manager Infrastructure Security Engineering Leader

Skills

FedRAMP GRC Continuous Control Monitoring AWS Azure Containers Kubernetes Vulnerability Scanning Solutions POA&M Updates ISO 27001 PCI DSS SOC

About the job

Claim this profile

Saviynt

Company size

1001-5000 employees

Founded in

2010

Chief executive officer

Sachin Nayyar

Markets

Identity and Access Management (IAM)Cybersecurity Cloud Security Identity Governance and Administration (IGA)Privileged Access Management (PAM)Zero Trust Security SaaS Cloud Computing IT Compliance and Risk Management Enterprise Software

Employees live in

United States

View company profile

Similar remote jobs

Here are other jobs you might want to apply for.

View all remote jobs

United States only

Engineering Manager, Security

SmarterDx

Employee count: 51-200

Salary: 230k-270k USD

Full Time

Engineering

United States only

Cyber Compliance Lead

ICF

Employee count: 5000+

Salary: 131k-222k USD

Full Time

IT Compliance Lead

United States only

Sr Manager, Vulnerability & Exposure Management

Datavant

Salary: 224k-260k USD

Full Time

Security & IT

United States only

Senior Information Security Engineer (Vulnerability Management)

Zscaler

Employee count: 5000+

Salary: 116k-165k USD

Full Time

Exposure Management & Security Operations

United States only

Sr. Product Security Consultant

Finite State

Employee count: 51-200

Full Time

Engineering

United States only

Director of GRC Engineering

Aquia

Employee count: 51-200

Salary: 160k-195k USD

Full Time

Saviynt

Employee count: 1001-5000

Salary: 120k-160k USD

Full Time

Human Resources

United States only

Platform Support Manager

Saviynt

Employee count: 1001-5000

Salary: 170k-221k USD

Full Time

Platform Support

Top remote companies

Remote companies

Find your next opportunity by exploring profiles of companies that are similar to Saviynt. Compare culture, benefits, and job openings on Himalayas.

View all companies

Find your dream job

Sign up now and join over 100,000 remote workers who receive personalized job alerts, curated job matches, and more for free!

This is not a passive oversight role—this is your chance to take the helm of Saviynt's FedRAMP security mission and drive it from the front lines.

Your Mission: What You’ll Own and Drive

1. FedRAMP Leadership & Governance: Drive Certification and Trust
Lead Saviynt's entire FedRAMP program through certification, re-certification, and continuous monitoring cycles.
Develop and Maintain: Create and sustain the System Security Plan (SSP) and all FedRAMP-required documentation.
Direct ConMon: Lead monthly Continuous Monitoring (ConMon) meetings, ensuring technical issues are surfaced, resolved, and documented immediately.
Validate Artifacts: Personally review and validate all FedRAMP artifacts—audit reports, gap analysis, POA&Ms, and compliance forms.
Serve as POC: Be the primary Governance POC for internal teams, customers, and Federal auditors.
2. Hands-On Security Engineering: Build, Scan, and Secure
Execute technical security controls within our mission-critical Federal environments.
Architect and Integrate: Design and integrate secure solutions for AWS, Azure, containers, Kubernetes, and modern applications relevant to the FedRAMP platform.
Hunt & Mitigate: Independently run vulnerability scans, analyze results, determine exploitability, and rapidly deploy mitigations across the environment.
Enhance Detection: Recommend and implement monitoring enhancements; actively analyze detection alerts to identify and respond to threats.
Automate Compliance:Automate GRC workflows to drastically improve the speed, accuracy, and scalability of compliance processes.
3. Cross-Functional Security Enablement: Embed Security Everywhere
Partner with core business and technology teams to embed security and compliance from inception to deployment.
Embed Early: Proactively partner with product, engineering, and operations to embed security and compliance requirements early in the development lifecycle.
Translate Requirements: Convert complex technical audit requirements into clear, actionable engineering deliverables.
Support Engagement: Support sales and customer success by addressing client compliance and security queries, acting as a trusted security expert.
Manage Risk: Conduct risk assessments, track remediation efforts, and maintain a comprehensive risk register.
Contract Review: Review vendor and customer contracts for security clauses, driving favorable compliance outcomes.
4. Compliance Expansion: Scale the GRC Foundation
Grow and formalize our overarching compliance framework.
Expand Reach: Contribute to and execute on other compliance programs including ISO 27001, PCI-DSS, SOC 1, and SOC 2.
Document Strategy: Develop and update core security documentation: policies, standards, incident response plans, and contingency plans.
Measure Posture:Establish and maintain metrics that clearly measure the GRC posture and inform leadership decisions.
Lead Training: Drive security awareness and training initiatives across the organization.

What You Bring: Your Qualifications for Command

U.S. Citizenship is required.
15+ years of hands-on security architecture/engineering experience with cloud, containers, and modern app environments.
FedRAMP Authority: Proven leadership in FedRAMP environments with absolute mastery of NIST RMF and SP 800-53 Rev 5 controls.
Technical Expertise: Strong technical knowledge of secure solutions for AWS, Azure, Kubernetes, and modern application security practices.
Dual Leadership: Demonstrated ability to both lead compliance strategy (policy, documentation, risk) and execute technical controls directly (scanning, mitigation, architecture).
Agile & Executive Ready: Experience managing Agile projects and delivering polished, effective technical governance updates to executive audiences.
Vulnerability Expertise: Deep experience with vulnerability management, continuous monitoring, and the POA&M processes.
Influence: Strong stakeholder influence and cross-team collaboration skills essential for driving organizational change.

The candidate must:

Meet US persons on US soil requirements.
Undergo full background investigation/screening.
Undergo IAL3 requirements (Identity proofing to include I-9 document verification, biometric collection, and mailing address confirmation).

If required for this role, you will:

- Complete security & privacy literacy and awareness training during onboarding and annually thereafter

- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):

> Data Classification, Retention & Handling Policy

> Incident Response Policy/Procedures

> Business Continuity/Disaster Recovery Policy/Procedures

> Mobile Device Policy

> Account Management Policy

> Access Control Policy

> Personnel Security Policy

> Privacy Policy