Cyber Security Engineer

About Wellspring

Wellspring Worldwide is the leading provider of software tools to manage technology commercialization and intellectual property. By the numbers, Wellspring maintains >75% market share across the US and Canada, >98% client retention rate, and >30% annual growth.
 
Our suite of web-based software manages the transformation of scientific discoveries into real-world products. We work with clients to accelerate the pace of innovation at premier research universities, R&D groups at Fortune 500 companies, and leading medical institutions. Wellspring also operates Flintbox®, the largest online marketplace for inventions emerging from research labs around the world.  

About the role

We are seeking a highly skilled and experienced Security Professional with expertise in SOC 2, ISO 27001, GDPR, FedRAMP, and the Department of Defense (DoD) Risk Management Framework (RMF). The ideal candidate will have deep knowledge of security frameworks, regulatory requirements, and compliance mandates, particularly in the U.S. cybersecurity landscape. This role requires both technical proficiency and strong communication and leadership skills to manage and implement comprehensive security strategies across the organization.

Key Responsibilities:
  1. Lead and manage security audits and compliance efforts for SOC 2, ISO 27001, GDPR, FedRAMP, and RMF, ensuring adherence to regulatory requirements and industry best practices.
  2. Develop, implement, and maintain security policies, procedures, and controls to protect sensitive data and ensure continuous compliance.
  3. Guide and oversee security authorization processes for FedRAMP and RMF, including preparation for DoD Authorization to Operate (ATO).
  4. Conduct risk assessments and vulnerability analyses, identifying potential threats and ensuring timely remediation.
  5. Lead incident response efforts, managing the detection, investigation, and resolution of security incidents.
  6. Collaborate with cross-functional teams to address security issues and implement technical controls.
  7. Maintain awareness of evolving cybersecurity threats, emerging technologies, and security best practices.
  8. Provide ongoing training and security awareness programs for staff, ensuring compliance with security policies and standards.
  9. Act as a subject matter expert on GDPR, DoD RMF, and U.S. security regulations, advising the organization on compliance and risk mitigation strategies. 

Qualifications:

  • Bachelor's degree in Information Security, Computer Science, or a related field.
  • Relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor, or FedRAMP Authorized Representative.
  • 5+ years of experience in security and compliance roles, with a focus on SOC 2, ISO 27001, GDPR, FedRAMP, and DoD RMF.
  • Extensive experience with U.S. government security requirements, including working with DoD contracts and secure hosting environments.

Key Competencies:

  • Technical Skills:
    • Expertise in SOC 2 Type I and II audits, ISO 27001 certification processes, and GDPR compliance.
    • In-depth knowledge of FedRAMP authorization, DoD RMF, and secure cloud environments (AWS, Azure, Google Cloud).
    • Hands-on experience with RMF workflows, including security categorization, risk assessment, continuous monitoring, and ATO processes for federal systems.
    • Proficiency in security tools such as SIEM, vulnerability scanners, encryption technologies, and firewall management.
    • Strong understanding of network security, data protection methodologies, and secure software development practices.
    • Experience with security frameworks like NIST SP 800-53, DoD 8510.01, STIG, and other security standards.
    • Familiarity with cloud security, including continuous monitoring, risk assessments, and compliance reporting.
  • Soft Skills:
    • Leadership: Proven ability to lead security initiatives, teams, and cross-functional projects.
    • Communication: Excellent ability to communicate complex security concepts to both technical and non-technical stakeholders.
    • Problem-solving: Analytical skills to assess and mitigate security risks.
    • Collaboration: Strong interpersonal skills, able to work with diverse teams and external partners.
    • Adaptability: Ability to stay current with changing regulations and emerging threats.

This is an exciting opportunity to shape the security strategy and compliance roadmap in a cutting-edge environment. If you’re passionate about cybersecurity and have the technical expertise to match, we’d love to hear from you!

Infrastructure

Remote (United States)
