ECS

Compensation

Full Description

ECS is seeking a GRC Engineer – CSAM to work in our Bethesda, MD office.     ECS Federal is seeking a GRC Engineer to operate and evolve the Federal Agency’s Cybersecurity Assessment and Management (CSAM) GRC platform. This full-time role blends engineering and operations to deliver day-to-day O&M, integrations, and reporting—while maturing authorization workflows toward Ongoing Authorization (OA). The engineer will also apply OSCAL skills as a required capability to support machine-readable compliance artifacts and audit-ready evidence. POSITION RESPONSIBILITIES: * Serve as the GRC Engineer for CSAM GRC O&M: platform configuration, upgrades/patching, role management, troubleshooting, and performance tuning. * Design, deploy, and manage cybersecurity systems, management software, and reporting software that integrate with CSAM. * Build and run data pipelines from discovery/CMDB/vulnerability tools into CSAM; enforce normalization and boundary mappings. * Manage sensors and supporting components (tuning, updates, installation). * Assist with development and updates to cybersecurity and computer usage policies reflected in CSAM workflows. * Advance OA by embedding continuous monitoring evidence, automated control assessments, and risk scoring into CSAM processes. * Administer supporting Linux/Windows infrastructure and coordinate with platform, network, and database teams. * Respond to incidents and support remediation, ensuring platform artifacts and reports are complete and defensible for auditors. * Produce clear, concise documentation (runbooks, SOPs, data dictionaries, mappings, and change records). Salary Range: $120,000 - $140,000 General Description of Benefits [https://ecstech.com/careers/benefits] Qualifications * Strong written and verbal communication skills; able to brief executives and collaborate with technical teams. * Proven experience leading GRC tool engineering (preferably CSAM or equivalent) including upgrades, tuning, role/permission governance, and data quality. * Ten (10)+ years of experience in the information security field (minimum). * Experience planning and executing tool/process changes that enable OA within NIST RMF environments. * Experience administering Linux and Windows Server systems supporting security tooling. * Experience integrating asset, configuration, and vulnerability data sources into a GRC platform; comfort with APIs, ETL, and normalization. * Ability to respond to incidents and conduct remediation using platform evidence and logs. * Demonstrated ability to translate policy into repeatable, automated workflows (e.g., evidence jobs, control status, POA&M updates). * Required skill: familiarity with OSCAL (modeling or consumption) to support machine-readable SSP/assessment/POA&M outputs. CERTIFICATIONS/LICENSES: * Education: Bachelor’s degree in Computer Science, MIS/IT, Engineering, Information Security/IA, or related field (minimum). * One or more of the following preferred: CISSP, CAP, CISM, CRISC, CISA, Security+ (or equivalent).