Job ID: JOB_ID_2076
Role Overview
ConvexTech Inc. is looking for a seasoned Information System Security Engineer (ISSE) for a high-impact hybrid role based in Austin, TX. This position requires a professional who can lead security governance, compliance, and risk management activities with a specific focus on System Security & Privacy Plans (SSP/SSPP). The ideal candidate will bridge the gap between technical security operations and regulatory compliance, ensuring that public-facing services are delivered securely across complex, multi-platform environments. You will be a key player in maintaining the security posture of critical enterprise systems and ensuring audit readiness at all times.
Key Responsibilities
- Lead the end-to-end development, maintenance, and updates of System Security & Privacy Plans (SSP/SSPP) for enterprise-level systems to ensure regulatory compliance.
- Drive remediation activities through the management of Plan of Action and Milestones (POA&M), ensuring all compliance gaps are closed within established timelines and documented properly.
- Translate findings from penetration testing and vulnerability assessments into actionable remediation work items, such as EPICs and user stories for development teams.
- Coordinate closely with application, infrastructure, and security teams to validate remediation efforts through rigorous re-testing and evidence collection.
- Oversee risk-based vulnerability management, prioritizing tasks based on severity and ensuring SLA-driven remediation across the organization.
- Provide governance oversight for critical security controls, including endpoint protection, web application security, and cloud security in hybrid environments.
- Produce assessor-ready documentation, including detailed configurations, monitoring evidence, formal approvals, and incident traceability for external audits.
- Support continuous audit readiness and work to reduce repeat findings through disciplined governance and documentation practices.
- Mentor and guide junior team members on security governance best practices and the implementation of security frameworks.
- Support HHSC systems, specifically focusing on SSP development and compliance within that specialized domain.
- Collaborate with stakeholders to ensure security is integrated into the project lifecycle from inception to deployment.
Qualifications and Experience
- Minimum of 12 years of experience with a deep focus on Governance, Risk, and Compliance (GRC), Enterprise Security, and Security Architecture.
- Extensive experience in Vulnerability Management, Penetration Testing, and Cloud Security within hybrid environments.
- At least 10 years of proven experience owning the SSP development process from start to finish for large-scale systems.
- Hands-on experience with federal or state security frameworks, specifically CMS MARS-E v2.2 or comparable standards like NIST or FedRAMP.
- Expertise in control implementation documentation, audit evidence collection, and POA&M management.
- 8+ years of experience translating technical security issues into compliance-aligned remediation actions for non-technical stakeholders.
- Strong stakeholder management skills, with the ability to communicate effectively with security, infrastructure, and application teams.
- Excellent written and verbal communication skills, suitable for presenting complex security risks to executive stakeholders.
- In-depth knowledge of NIST 800-53, NIST RMF, and privacy controls.
- Familiarity with Secure SDLC and DevSecOps practices to integrate security into the development pipeline.
- 5+ years of experience operating in multi-vendor, multi-platform environments.
- Demonstrated ability to improve compliance maturity and reduce repeat audit findings through process improvement.
- At least 1 year of specific experience supporting HHSC systems and their unique compliance requirements.
Strategic Impact
As an ISSE at ConvexTech, your work will directly impact the security and reliability of public-facing services. By leading the SSP/SSPP development and POA&M management, you ensure that our systems not only meet legal requirements but also provide a safe environment for sensitive data. Your ability to translate technical vulnerabilities into actionable business items is crucial for the continuous improvement of our security posture. This role offers the opportunity to work with diverse technologies and lead high-level security strategies in a collaborative and professional environment.
Special Requirements
Visa: Only USC/GC/EAD; Interview: video; Domain: HHSC systems; Location: Local to Austin only.
Compensation & Location
Salary: $160,000 – $220,000 per year (Estimated)
Location: Austin, TX
Recruiter / Company – Contact Information
Recruiter / Employer: ConvexTech Inc.
Email: raj@convextech.com