Senior GRC Engineering Analyst

  • Job ID: 10880BR
  • Location: US (Remote)
  • Work Setup: Remote
  • Job Category: Legal
  • Posting Date: May 21, 2026
As a Senior GRC Engineering Analyst, you will ensure Deltek’s cloud environments and information systems meet security and compliance obligations by testing technical controls, supporting audits, and maturing core GRC services. To support Deltek’s flagship GovCon products, you will partner with Cloud Operations, Product Security, Platform Delivery, and Security Operations to translate requirements into test procedures, produce audit-ready artifacts, and drive remediation.

  • Lead audits and assessments with a key focus on engineering, technical control design, and control implementation aligned to frameworks/programs such as NIST 800-53 Rev. 5, FedRAMP, CMMC, ISO 27001, PCI DSS, SOC 1, and SOC 2.
  • Test, validate, and document cloud control implementations across AWS, Azure, and OCI, including IAM, network segmentation, encryption/key management, logging/monitoring, vulnerability management, container security, infrastructure-as-code, and CI/CD pipelines.
  • Partner with Security Engineering, Cloud Engineering, DevOps, IT, and Product teams to translate compliance requirements into scalable, automated, and auditable technical controls.
  • Own assessment execution end-to-end, including scope definition, technical walkthroughs, control testing, evidence validation, issue tracking, remediation follow-up, and reporting.
  • Design, maintain, and improve audit-ready artifacts, including control narratives, test procedures, evidence mappings, technical diagrams, implementation documentation, and control validation results.
  • Facilitate technical walkthroughs with stakeholders and auditors; clearly explain control intent, system architecture, implementation details, evidence sources, and test results.
  • Identify control gaps, assess technical risk and business impact, and drive remediation to closure with accountable engineering and control owners.
  • Support continuous compliance through control automation, recurring evidence collection, control health monitoring, and integration with tools such as cloud security platforms, ticketing systems, SIEM, vulnerability management tools, and GRC platforms.
  • Own or support key GRC services, including policy lifecycle, risk management, FedRAMP continuous monitoring, POA&M management, customer due diligence, security questionnaires, and audit readiness, with a focus on process improvement and automation.
  • Build compliance metrics and reporting, including dashboards, scorecards, executive summaries, control health indicators, remediation trends, and audit readiness reporting.
  • Develop or support automation scripts, queries, workflows, or integrations to streamline evidence collection, control testing, compliance monitoring, and reporting.
  • Evaluate cloud services, system changes, and new technical implementations for compliance impact and advise teams on control requirements early in the design and deployment lifecycle.
  • Maintain strong working knowledge of cloud security architecture, identity and access management, secure SDLC, infrastructure-as-code, logging/monitoring, vulnerability management, encryption, and change management practices.
Success in the first 90 days looks like: You effectively support Cloud Operations, Product Security, Platform Delivery, and Security Operations by partnering with them to implement, validate, and improve the technical controls they own. You ensure control evidence, testing results, technical documentation, and supporting artifacts are complete, accurate, and audit-ready.
Required Qualifications:

  • 3+ years of experience in GRC engineering, cloud security or compliance, IT audit/ITGC, Security Operations (SecOps), internal audit, IT risk management, or related fields, with hands-on experience implementing, validating, security tooling and assessing technical controls.
  • Bachelor’s degree in information security, Computer Science, Informatics with Security, MIS, Engineering, or equivalent practical experience.
  • Experience assessing and validating controls in one or more major cloud platforms, including AWS, Azure, or OCI. Practical OCI experience is preferred.
  • Working knowledge of cloud security control areas such as IAM, logging and monitoring, encryption/key management, vulnerability management, network security, change management, secure SDLC, CI/CD, and infrastructure-as-code.
  • Experience partnering with engineering, security, cloud operations, or platform teams to collect evidence, validate control implementation, identify gaps, and support remediation.
  • Ability to review technical documentation, system configurations, screenshots, logs, tickets, diagrams, and other evidence to determine whether controls are operating effectively.
  • Familiarity with one or more security and compliance frameworks, such as NIST 800-53, FedRAMP, CMMC, ISO 27001, PCI DSS, SOC 1, or SOC 2.
  • Possess a security, audit, or cloud certification, such as CISA, CISSP, CCSK/CCAK, AWS, Azure, GCP, or OCI certification, or obtain one within 12 months. Candidates with relevant certification(s) already held are preferred.
US Citizenship is required for this position.

Core Competencies:
  • Excellent ability to:
    • Self-manage time and priorities while working with minimal direction and supervision.
    • Handle multiple competing priorities and projects.
    • Resolve business and technical roadblocks independently through structured problem-solving.
    • Think critically and apply strong analytical, written, verbal, and interpersonal communication skills.
  • Collaborate effectively in a team environment and take directions from senior-level staff.
  • Demonstrated initiative to learn through a combination of structured, on-the-job, and self-directed training.

Preferred Qualifications:

  • OCI experience.
  • ITAR and/or Government Cloud assessment experience.
  • Hands-on experience with FedRAMP and/or NIST 800-171, plus familiarity with CSA CCM and CIS Benchmarks.
  • Experience supporting or assessing secure software development in cloud environments (e.g., CI/CD, infrastructure as code, containers).
The U.S. salary range for this position is $76,000.00-$134,000.00. This range is subject to change as Deltek takes a number of factors into consideration when determining individual base pay, such as location, job-related knowledge, skills and experience. Certain roles are eligible for additional rewards, including incentive compensation and equity.

Benefits and perks listed here may vary depending on the nature of employment with Deltek. Employees have access to healthcare benefits, a 401(k) plan and company match, paid vacation time and holidays, well-living programs, short-term and long-term disability coverage, basic life insurance and tuition reimbursement.

10%
Built on 40 years of industry expertise Deltek is a leading provider of ERP solutions for Government contractors of all sizes. And whether these firms call them a contract within the government contracting space, an engagement within professional services firms or refer to them as a project within the AEC space, these organizations share the same ultimate goal—to win and deliver successful projects. Deltek offers complete and integrated software solutions that connect and automate every stage of the project lifecycle, enhancing project intelligence, management and collaboration. With Deltek’s industry-focused expertise and end-to-end visibility into project and financial performance, we empower businesses to make data-driven decisions, mitigate risks and deliver projects on time and within budget.
Certain roles may have additional privacy, security and compliance requirements to the extent they support Costpoint GCCM or similar product offerings.
Deltek, Inc. is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.
Deltek, Inc., utilizes the E-Verify program with every potential new hire. This makes it possible for us to make certain that every employee who works for Deltek is eligible to work in the United States. To learn more about E-Verify you can call 1-800-255-7688 or visit their website by clicking the logo below. E-Verify® is a registered trademark of the United States Department of Homeland Security.
E-Verify
Deltek is committed to the protection and promotion of your privacy. In connection with your application for employment with us at Deltek, it is necessary for us to collect, store and use information about you (“Personal Data”) to administer and evaluate your application. We are the “controller” of the Personal Data you provide us and will process any such Personal Data in accordance with applicable law and the statements contained in this Employment Candidate Privacy Notice. Additionally, we have not sold and do not sell Personal Data you provide to us through the job application process.

Let’s get started

Use our legacy experience

Similar Jobs

  1. Senior Consultant
    Herndon, VA
    Remote
  2. Principal Software Developer
    Herndon, VA
    Remote
  3. Associate Cloud AI Engineer
    Herndon, VA
    Remote

Please review and accept Targeting cookiesto view the video.

Why Join #TeamDeltek

Grow. Collaborate. Innovate.

We create innovative products and solutions that power our customers’ project success. Our market leadership is based on the work of our global and diverse team of innovators, creators and collaborators who have a passion for learning, growing and making a difference for Deltek Project Nation.

Our Award-Winning Culture

Badge-style graphic displaying 'Best Places to Work 2024 Glassdoor' with a heart icon and award ribbon symbols on a blue gradient background.

#TeamDeltek Makes a Difference

Our employees dedicate their time and resources to many worthy causes, including Blood Cancer United and Save the Children, that foster health and well-being across the globe. Deltek also empowers employees to dedicate work hours to causes they are passionate about through our Volunteer Time Off program.

Badge-style graphic displaying 'Forbes America’s Best Midsize Employers 2025, powered by Statista' on a black background with blue border accents over a blue gradient backdrop.

Build Your Career. Expand Your Potential.

All employees across the globe have access to programs and tools like LinkedIn Learning, professional speaking and defined development paths to truly own their careers.

We are building a learning community where employees can work with diverse individuals, explore new ways of thinking, and expand their capabilities through our programs.

Badge graphic featuring The Washington Post logo alongside a gold ribbon displaying 'Top Workplaces 2025' on a blue gradient background.

Community, Inclusion & Impact

We embrace and celebrate all of our differences—including ages, cultures, ethnicities, gender identities, sexual orientations, religious beliefs, disabilities and veteran status, as well as the life experiences and ideas of our employees—through our work and employee resource groups.