Continuous Monitoring Engineer (Remote)

Zachary Piper Solutions is seekinga Continuous Monitoring Engineer to join a leading cyber security provider of critical solutions remotely.The team is seeking an individual with advanced expertise operating as a vulnerability engineer, to drive security and compliance in cloud-based environments for a variety private and public sector customers.

Location: 100% remote

This job opens for applications on 2/26/2026. Applications for this job will be accepted for at least 30 days from the posting date

Responsibilities:

• Oversee the end-to-end POA&M lifecycle, including development, tracking, risk justification, and submission of deviation requests in coordination with 3PAOs and federal stakeholders.
• Gather, structure, and maintain security evidence and documentation to support monthly continuous monitoring and compliance assessments (e.g., FedRAMP, HITRUST, PCI).
• Maintain up-to-date system inventories and system boundary documentation to ensure accurate and complete scanning coverage.
• Review and analyze vulnerability scan results, validate or dismiss false positives, and prepare detailed risk assessments to support deviation requests.
• Execute routine and ad-hoc vulnerability scans across operating systems, databases, web applications, and containerized environments.
• Translate complex technical vulnerabilities into clear, risk-based explanations for federal clients and deliver monthly status reports.

Qualifications:

• Bachelors degree in related field and 3-5+ years of experience in vulnerability management, compliance monitoring, or related security operations functions.
• Certifications: Cloud service provider (AWS Solutions, Azure, GCP), IAT II preferred
• Hands-on proficiency with vulnerability management across operating systems, databases, networks, containers, web applications, and APIs.
• Practical experience managing vulnerabilities in at least two major cloud environments, such as AWS, Azure, or Google Cloud Platform.
• Scripting, DevOps, and SRE experience highly preferred, using Python, PowerShell, Bash, CI/CD
• Familiarity with at least one compliance framework (e.g., FedRAMP, HITRUST, PCI), including performing risk assessments and producing compliance-related reports.
• Proven ability to deliver recurring vulnerability status reports and collaborate with internal and external teams to track remediation progress.

Compensation:

• Total compensation based on experience level - $120,000-$130,000 + bonus **based on years of experience**
• Full Benefits: PTO, 11 Paid Holidays, Sick leave as required by state law, Medical, Dental, and Vision, 401k
• Up to 10% annual bonus
• 100% remote work

#LI-MK1 #LI-Onsite

Keywords: POA&M management, POA&M lifecycle, risk justification, deviation requests, 3PAO coordination, federal stakeholders, continuous monitoring, compliance assessments, FedRAMP, HITRUST, PCI, POA&M, nessus, GCP, Google Cloud, Azure, compliance, cyber, cyber security, eMass, ACAS, NIST, W2, hiring, opentowork, remote, security evidence collection, security documentation, system inventories, system boundary documentation, scanning scope, vulnerability analysis, false positive validation, risk assessments, vulnerability scans, operating system scanning, database vulnerability scanning, web application scanning, container scanning, API vulnerabilities, technical vulnerability translation, risk-based reporting, federal client communication, monthly status reporting, vulnerability management, compliance monitoring, security operations, cloud security, AWS, Azure, Google Cloud Platform, CSP certifications, IAT II certification, cloud vulnerability management, network vulnerabilities, container security, cybersecurity governance, security frameworks, security compliance, information security, security assessment, cloud environments, hands-on security experience.