About Aquia Inc.
Named the “#1 Best Remote Startup to Work For in 2025” by Built In, Aquia is a digital services firm specializing in cloud infrastructure, cybersecurity, and compliance automation for the U.S. government.
Founded by Veterans, we are passionate about making our country digitally capable and secure. Since 2021, we’ve generated millions in cost savings through cloud services and licensing optimization, enabled civil servants to double health care fraud investigations through streamlined cloud-based systems, and reduced authorization timelines by 74% through modernized security processes. Last year, we were named the 2024 Service-Disabled Veteran-Owned Business (SDVOSB) of the Year by the Department of Health and Human Services (HHS).
Candidates must be U.S. Citizens eligible for a Public Trust Clearance.
Director of GRC Engineering
Position Overview:
The Director of GRC Engineering will be responsible for leading and growing the Governance, Risk, and Compliance (GRC) Engineering practice at Aquia. Tactically, this position will support engineering solutions for the Continuous Authorization to Operate (cATO) program at a U.S. Government agency. This role will ensure efficient delivery and operations of compliance automation within NIST 800-53 frameworks and lead development for integrations of services like AWS, CI/CD Pipelines, etc., and modern GRC systems.
Responsibilities:
- System Development and Integration: Lead testing, development, and implementation for cATO automations to ensure optimal performance and integration with the agency’s existing systems, such as AWS, CI/CD Pipelines, and cloud-native technologies. Activities also include leading the transition from an existing GRC platform to a new cloud-native cATO platform.
- Automation: Automate RMF processes, ensuring the seamless integration of controls into an agency DevSecOps environment, including API integration.
- Practice Leadership: Lead Aquia’s GRC Engineering practice. Support engineers in the practice with insight, guidance, and growth opportunities. Lead by example with technical ability and skillsets.
- Business Alignment: Provide internal support to Aquia’s compliance initiatives by engineering solutions that simplify and automate Aquia’s compliance goals, reducing cost as well as manual and cognitive load. Guide GRC programs to focus on outcomes vs. outputs in compliance deliverables through the lens of an engineering discipline.
- Compliance Cracking: Demonstrate mastery of compliance frameworks and the ability to engineer solutions which automate evidence collection to meet compliance requirements.
- GRC Engineering Advocate: Lead and build trust with internal and external cloud engineers, security teams, compliance stakeholders, and executive stakeholders through the journey of GRC Engineering modernization.
Required Qualifications:
- Working knowledge of Python or Go.
- Experience in GRC Engineering, Security Engineering, or Software Engineering with a focus on automation and system integration within complex compliance environments.
- Expertise in compliance frameworks, NIST RMF processes, NIST SP 800-53 Rev. 5 controls, and federal cybersecurity policies.
- Experience leading multi-disciplinary teams.
Benefits
- Premium health care plans (90% employer-paid)
- Employee stock plan
- 100% 401k match (up to IRS annual max)
- Generous PTO package
- Personal training and development budget
Aquia Inc. is an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.
What We Do
Aquia is a digital services firm specializing in cloud infrastructure, cybersecurity, and compliance automation. Since 2021, we’ve generated millions in cost savings through cloud services and licensing optimization, enabled civil servants to double health care fraud investigations through streamlined cloud-based systems, and reduced authorization timelines by 74% through modernized security processes.
As strategic advisors and engineers, we help our customers develop and deploy innovative cloud and cybersecurity technologies, adopt and implement digital transformation initiatives, and navigate complex regulatory landscapes. We believe that small businesses are uniquely positioned to disrupt the status quo and lead digital transformation efforts — and we have the past performance to prove it.
Named the 2024 Service-Disabled Veteran-Owned Business (SDVOSB) of the Year by the Department of Health and Human Services (HHS), we are passionate about making our country digitally capable and secure.
In addition, as an Amazon Web Services (AWS) Advanced Tier services partner and Google Cloud Platform (GCP) partner, we help our customers pursue innovation, reduce costs, and scale their operations efficiently.
Why Work With Us
We have a high concentration of incredibly smart cybersecurity talent and are committed to retaining them with a positive culture and outstanding benefits. We encourage collaboration, praise, and teamwork, and place heavy emphasis on continuous learning and development so our team can stay ahead of trends and the evolving threat landscape.







