Keyfactor, Inc. Information Security Engineer in Independence, Ohio

About Keyfactor

Our mission is to build a connected society, rooted in trust, with identity-first security for every machine and human. Keyfactor helps organizations move fast to establish digital trust at scale - and then maintain it. With decades of cybersecurity experience, Keyfactor is trusted by more than 1,500 companies across the globe. We are proud to continually earn recognition as a Best Place to Work, and we achieve that through our amazing people who cultivate our culture as we grow. We hope you will trust your future with Keyfactor!

Title: Information Security Engineer
Location: United States; Remote
Experience: Mid-Level
Job Function: IT Compliance
Employment Type: Full-Time
Industry: Computer Network & Security

Job Summary

We are seeking an experienced Information Security Engineer with a strong background in implementing and managing general information security frameworks, including ISO 27001:2022 and SOC 2 Type II. Experience with government compliance frameworks, such as FedRAMP and CMMC, is preferred. This role involves designing, maintaining, and improving our security infrastructure to ensure compliance with regulatory standards and support continuous monitoring efforts. The ideal candidate will play a key role in safeguarding the organization's data and infrastructure while driving adherence to evolving security best practices. The position is based in the US and can be performed remotely. Applicants must hold U.S. citizenship or U.S. permanent resident status.

Job Responsibilities

Experience conducting vulnerability assessments, system audits, and risk analysis using industry-standard scanning tools (e.g., Nessus, Azure security tools, Tenable, Burp Suite, etc.) to support a proactive security posture.
Manage and implement continuous monitoring processes to ensure the organization maintains compliance with a variety of information security frameworks, including ISO 27001:2022 and SOC 2 Type II. Experience with government compliance standards such as FedRAMP (NIST SP 800-53) and CMMC is preferred. This role focuses on ensuring robust security practices and adapting to evolving compliance requirements.
Collaborate closely with IT, DevOps, Engineering, and Compliance teams to enforce security policies, procedures, and best practices.
Actively monitor, analyze, and respond to security alerts and incidents, performing investigations, incident handling, and recommending corrective actions.
Provide expert guidance on security matters to support secure development and operations.
Assist in developing, managing, and updating security documentation, including System Security Plans (SSPs), Plan of Actions & Milestones (POA&Ms), and other Risk Management Framework artifacts required by FedRAMP.
Applying and validating Security Technical Implementation Guides (STIGs) and government guidelines to configure and secure systems according to federal standards across multiple OSes, system types, and technologies.

Minimum Qualifications, Education, and Skills

5+ years of experience in information security or a similar role.
Proficiency in vulnerability scanning tools (Nessus, Burp Suite, Tenable, etc.) and interpreting scan results for remediation.
Strong knowledge of security standards.
Demonstrated experience in continuous monitoring, network security, firewalls, VPNs, IDS/IPS, and endpoint protection.
Strong analytical skills and a meticulous approach to problem-solving.
Demonstrated capability to deliver results on time and to a defined schedule.
Relevant certifications (e.g., CISSP, CompTIA Security+, CAP) are strongly preferred.
Familiarity with cloud security principles.
Experience with security automation and continuous monitoring tools.
PKI knowledge a plus.
Knowledge of scripting languages (Python, PowerShell) to automate security processes.
Expe
