Note: The job is a remote job and is open to candidates in USA. Deltek is a leading provider of ERP solutions for Government contractors. The Senior GRC Engineering Analyst will ensure Deltek’s cloud environments meet security and compliance obligations by testing technical controls, supporting audits, and maturing core GRC services.
Responsibilities
- Lead audits and assessments with a key focus on engineering, technical control design, and control implementation aligned to frameworks/programs such as NIST 800-53 Rev. 5, FedRAMP, CMMC, ISO 27001, PCI DSS, SOC 1, and SOC 2
- Test, validate, and document cloud control implementations across AWS, Azure, and OCI, including IAM, network segmentation, encryption/key management, logging/monitoring, vulnerability management, container security, infrastructure-as-code, and CI/CD pipelines
- Partner with Security Engineering, Cloud Engineering, DevOps, IT, and Product teams to translate compliance requirements into scalable, automated, and auditable technical controls
- Own assessment execution end-to-end, including scope definition, technical walkthroughs, control testing, evidence validation, issue tracking, remediation follow-up, and reporting
- Design, maintain, and improve audit-ready artifacts, including control narratives, test procedures, evidence mappings, technical diagrams, implementation documentation, and control validation results
- Facilitate technical walkthroughs with stakeholders and auditors; clearly explain control intent, system architecture, implementation details, evidence sources, and test results
- Identify control gaps, assess technical risk and business impact, and drive remediation to closure with accountable engineering and control owners
- Support continuous compliance through control automation, recurring evidence collection, control health monitoring, and integration with tools such as cloud security platforms, ticketing systems, SIEM, vulnerability management tools, and GRC platforms
- Own or support key GRC services, including policy lifecycle, risk management, FedRAMP continuous monitoring, POA&M management, customer due diligence, security questionnaires, and audit readiness, with a focus on process improvement and automation
- Build compliance metrics and reporting, including dashboards, scorecards, executive summaries, control health indicators, remediation trends, and audit readiness reporting
- Develop or support automation scripts, queries, workflows, or integrations to streamline evidence collection, control testing, compliance monitoring, and reporting
- Evaluate cloud services, system changes, and new technical implementations for compliance impact and advise teams on control requirements early in the design and deployment lifecycle
- Maintain strong working knowledge of cloud security architecture, identity and access management, secure SDLC, infrastructure-as-code, logging/monitoring, vulnerability management, encryption, and change management practices
Skills
- 3+ years of experience in GRC engineering, cloud security or compliance, IT audit/ITGC, Security Operations (SecOps), internal audit, IT risk management, or related fields, with hands-on experience implementing, validating, security tooling and assessing technical controls
- Bachelor's degree in information security, Computer Science, Informatics with Security, MIS, Engineering, or equivalent practical experience
- Experience assessing and validating controls in one or more major cloud platforms, including AWS, Azure, or OCI. Practical OCI experience is preferred
- Working knowledge of cloud security control areas such as IAM, logging and monitoring, encryption/key management, vulnerability management, network security, change management, secure SDLC, CI/CD, and infrastructure-as-code
- Experience partnering with engineering, security, cloud operations, or platform teams to collect evidence, validate control implementation, identify gaps, and support remediation
- Ability to review technical documentation, system configurations, screenshots, logs, tickets, diagrams, and other evidence to determine whether controls are operating effectively
- Familiarity with one or more security and compliance frameworks, such as NIST 800-53, FedRAMP, CMMC, ISO 27001, PCI DSS, SOC 1, or SOC 2
- Possess a security, audit, or cloud certification, such as CISA, CISSP, CCSK/CCAK, AWS, Azure, GCP, or OCI certification, or obtain one within 12 months. Candidates with relevant certification(s) already held are preferred
- US Citizenship is required for this position
- OCI experience
- ITAR and/or Government Cloud assessment experience
- Hands-on experience with FedRAMP and/or NIST 800-171, plus familiarity with CSA CCM and CIS Benchmarks
- Experience supporting or assessing secure software development in cloud environments (e.g., CI/CD, infrastructure as code, containers)
Benefits
- Employees have access to healthcare benefits
- A 401(k) plan and company match
- Paid vacation time and holidays
- Well-living programs
- Short-term and long-term disability coverage
- Basic life insurance
- Tuition reimbursement
- Certain roles are eligible for additional rewards, including incentive compensation and equity
Company Overview