Security Engineer 4 - FedRAMP Compliance Architect

About the position

PagerDuty is seeking a Security Engineer 4 - FedRAMP Compliance Architect to join our diverse, customer-focused team! This Security Engineer 4 - FedRAMP Compliance Architect will design, implement, and maintain secure architectures that meet FedRAMP requirements in a multi-tenant cloud environment. This role combines deep technical expertise with FedRAMP compliance knowledge to create scalable, secure solutions. You'll be the glue between security compliance requirements and technical implementation, ensuring our cloud infrastructure meets federal security standards while enabling business objectives.

Responsibilities

• Design, implement, and maintain system architectures to align with FedRAMP requirements.
• Serve as the subject matter expert (SME) on FedRAMP, advising internal teams on security best practices, control implementations, and risk mitigation strategies.
• Collaborate with engineering, operations, product, and corporate IT teams to develop secure cloud-based architectures that meet federal compliance mandates.
• Implement governance strategy on technical security controls, including access management, configuration, encryption, logging, monitoring, and vulnerability management.
• Support annual assessments, security control reviews, and audits, coordinating with third-party assessors (3PAO) and government sponsors.
• Technical support for external stakeholders on customer responsibilities.
• Key contributor to the development and maintenance of the System Security Plan (SSP), Policies and Procedures, Configuration Management Plan, Secure System Development Life Cycle, and other FedRAMP documentation.
• Partner with the GRC (Governance, Risk, and Compliance) team to efficiently track and resolve security findings.

Requirements

• 5+ years of experience in cloud security architecture, compliance, or cybersecurity engineering, with at least 3 years of experience supporting FedRAMP Moderate or High authorization.
• Deep expertise in FedRAMP, NIST 800-53, FISMA, and cloud security best practices.
• Strong ability to assess security risks and recommend technical and procedural mitigations.
• Experience working with AWS GovCloud, Azure Government, or other federal cloud environments.
• Experience with audit preparation, risk assessments, and working with third-party assessors (3PAOs).
• Exceptional written and verbal communication skills for creating and managing FedRAMP documentation.

Nice-to-haves

• Experience supporting DoD IL 4 or 5 environments.
• Experience with data governance frameworks, secure data storage, and data lifecycle management in multi-tenant cloud environments.
• Understanding of NIST AI Risk Management Framework (AI RMF) and its implications for secure AI adoption in government environments.
• Familiar with SaaS security tools (such as Sumo Logic, Datadog, Crowdstrike, Wiz, Lucidchart, Snyk, and Qualys).
• Familiarity with Cloud Native and SaaS constructs, including architectures, DevOps, CI/CD, and SecOps disciplines.
• Relevant certifications, such as: Certified Information Systems Security Professional (CISSP), AWS Security Specialty, or equivalent, CompTIA Advanced Security Practitioner (CASP+), Certificate of Cloud Security Knowledge (CCSK).

Benefits

• Competitive salary
• Comprehensive benefits package from day one
• Flexible work arrangements
• Generous paid vacation time
• Paid holidays and sick leave
• Dutonian Wellness Days - scheduled company-wide paid days off in addition to PTO
• Company equity
• ESPP (Employee Stock Purchase Program)
• Retirement or pension plan
• Paid parental leave - up to 22 weeks for pregnant parent, up to 12 weeks for non-pregnant parent
• HibernationDuty - an annual company paid week off
• Paid volunteer time off - 20 hours per year
• Company-wide hack weeks
• Mental wellness programs