Senior GRC Engineer

U.S. - Remote

About Aquia Inc.

Named the “#1 Best Remote Startup to Work For in 2025” by Built In, Aquia is a digital services firm specializing in cloud infrastructure, cybersecurity, and compliance automation for the U.S. government.  

Founded by Veterans, we are passionate about making our country digitally capable and secure. Since 2021, we’ve generated millions in cost savings through cloud services and licensing optimization, enabled civil servants to double health care fraud investigations through streamlined cloud-based systems, and reduced authorization timelines by 74% through modernized security processes. Last year, we were named the 2024 Service-Disabled Veteran-Owned Business (SDVOSB) of the Year by the Department of Health and Human Services (HHS).

Senior GRC Engineer - Identity Specialist

Aquia is seeking a Senior GRC Engineer to support the Centers for Medicare & Medicaid Services (CMS) in advancing its Zero Trust strategy and improving compliance maturity across the agency. This engineer will play a leading role in integrating modern compliance engineering practices into secure, scalable AWS environments. With a strong focus on identity integration, compliance CI/CD pipelines, and Zero Trust-aligned telemetry, you'll help CMS drive meaningful progress toward CISA's Zero Trust maturity goals. This position requires U.S. citizenship and the ability to pass a federal background check.

 

What you'll do

  • Architect and implement security and compliance automation workflows directly within AWS-based CI/CD pipelines, driving modernization of services and practices across CMS environments.
  • Translate and align agency security and compliance efforts with the CISA Zero Trust Maturity Model, working to operationalize Zero Trust pillars across infrastructure, identity, and data.
  • Design and support secure integration of Okta, Sailpoint, AD, FIDO2, and PR-MFA systems across identity providers, including legacy authentication/authorization systems.
  • Work with internal and external identity teams to integrate and streamline systems for staff and customers.
  • Build and manage new and existing AWS service dashboards to surface compliance signals, automate control validation, and monitor security posture across cloud environments.
  • Deploy and manage infrastructure using the AWS CLI, ensuring consistent, scalable, and secure configurations aligned with compliance requirements and federal security frameworks.
  • Automate the generation and maintenance of security documentation and system artifacts.
  • Leverage SQL and Snowflake to drive security and compliance reporting, data-driven policy enforcement, and SDL automation initiatives.
  • Develop and maintain tools that support identity-centric automation in support of Zero Trust principles.
  • Provide technical leadership in integrating FISMA, CMS ARS, NIST 800-53, 800-63, 800-207 controls, and relevant executive orders into day-to-day development and cloud operations.
  • Collaborate across engineering, compliance, and identity teams to ensure Zero Trust-aligned identity controls are measurable and auditable.
  • Participate in strategy and planning, and contribute to an evolving backlog of automation and identity integration improvements.

 

What we're looking for

  • 13+ years of engineering experience, with extensive work in zero trust, identity architecture, and compliance automation.
  • Deep experience implementing and integrating Okta, Sailpoint, AD, ICAM, FIDO2, PR-MFA, and identity federation in government and hybrid cloud environments.
  • Strong hands-on experience with AWS services, including dashboarding, security monitoring, and infrastructure deployment via AWS CLI.
  • Expertise in compliance CI/CD workflows, including evidence automation and policy-as-code approaches.
  • Extensive capabilities in GitHub, GitHub Actions, GitLab, and GitOps workflows.
  • Proficiency in Terraform, Python, Markdown, React, and Go.
  • Deep understanding of NIST 800-53, 800-63, 800-207, and FISMA requirements within a federal agency context.
  • Expert-level understanding of the CISA Zero Trust Maturity Model and its application to modern federal environments.
  • Strong SQL skills and experience using Snowflake for compliance and identity analytics.
  • Knowledge and experience with OSCAL for managing machine-readable compliance content.
  • Excellent communication and collaboration skills, with the ability to work across identity, security, and compliance teams.
  • Experience in GRC engineering and building automation tools that simplify evidence collection, reporting, and audits.

Remote - USA

$125,000 - $160,000 USD

Benefits

  • Premium health care plans (90% employer-paid)
  • Employee stock plan
  • 100% 401k match (up to IRS annual max)
  • Generous PTO package
  • Personal training and development budget

 

Aquia Inc. is an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.
