GRC Engineer - CSAM

Job Description

ECS is seeking a GRC Engineer - CSAM to work in our Bethesda, MD office.

ECS Federal is seeking a GRC Engineer to operate and evolve the Federal Agency's Cybersecurity Assessment and Management (CSAM) GRC platform. This full-time role blends engineering and operations to deliver day-to-day O&M, integrations, and reporting-while maturing authorization workflows toward Ongoing Authorization (OA). The engineer will also apply OSCAL skills as a required capability to support machine-readable compliance artifacts and audit-ready evidence.

Position Responsibilities:

• Serve as the GRC Engineer for CSAM GRC O&M: platform configuration, upgrades/patching, role management, troubleshooting, and performance tuning.
• Design, deploy, and manage cybersecurity systems, management software, and reporting software that integrate with CSAM.
• Build and run data pipelines from discovery/CMDB/vulnerability tools into CSAM; enforce normalization and boundary mappings.
• Manage sensors and supporting components (tuning, updates, installation).
• Assist with development and updates to cybersecurity and computer usage policies reflected in CSAM workflows.
• Advance OA by embedding continuous monitoring evidence, automated control assessments, and risk scoring into CSAM processes.
• Administer supporting Linux/Windows infrastructure and coordinate with platform, network, and database teams.
• Respond to incidents and support remediation, ensuring platform artifacts and reports are complete and defensible for auditors.
• Produce clear, concise documentation (runbooks, SOPs, data dictionaries, mappings, and change records).
  
  

Salary Range: $120,000 - $140,000

Required Skills

General Description of Benefits

• Strong written and verbal communication skills; able to brief executives and collaborate with technical teams.
• Proven experience leading GRC tool engineering (preferably CSAM or equivalent) including upgrades, tuning, role/permission governance, and data quality.
• Ten (10) years of experience in the information security field (minimum).
• Experience planning and executing tool/process changes that enable OA within NIST RMF environments.
• Experience administering Linux and Windows Server systems supporting security tooling.
• Experience integrating asset, configuration, and vulnerability data sources into a GRC platform; comfort with APIs, ETL, and normalization.
• Ability to respond to incidents and conduct remediation using platform evidence and logs.
• Demonstrated ability to translate policy into repeatable, automated workflows (e.g., evidence jobs, control status, POA&M updates).
• Required skill: familiarity with OSCAL (modeling or consumption) to support machine-readable SSP/assessment/POA&M outputs.
  
  

Certifications/Licenses:

• Education: Bachelor's degree in Computer Science, MIS/IT, Engineering, Information Security/IA, or related field (minimum).
• One or more of the following preferred: CISSP, CAP, CISM, CRISC, CISA, Security (or equivalent).
  
  

Desired Skills

• Hands-on with CSAM specifically (collections, workflows, reporting) or similar federal GRC tools.
• Experience with NIST RMF (SP 800-37), NIST SP 800-53 Rev. 5, FIPS 199, and FISMA/ISCM reporting.
• Familiarity with cloud environments (AWS/Azure) and control inheritance patterns.
• Experience designing dashboards and metrics that feed executive reporting and quarterly FISMA submissions.
  
  

#ECS1

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3300 employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.