About Keyfactor 

Our mission is to build a connected society, rooted in trust, with identity-first security for every machine and human. Keyfactor helps organizations move fast to establish digital trust at scale — and then maintain it. With decades of cybersecurity experience, Keyfactor is trusted by more than 1,500 companies across the globe. We are proud to continually earn recognition as a Best Place to Work, and we achieve that through our amazing people who cultivate our culture as we grow. We hope you will trust your future with Keyfactor! 

Title: Information Security Engineer

Location: United States; Remote

Experience: Mid-Level

Job Function: IT Compliance

Employment Type: Full-Time

Industry: Computer Network & Security

Job Summary

We are seeking an experienced Information Security Engineer with a strong background in implementing and managing general information security frameworks, including ISO 27001:2022 and SOC 2 Type II. Experience with government compliance frameworks, such as FedRAMP and CMMC, is preferred. This role involves designing, maintaining, and improving our security infrastructure to ensure compliance with regulatory standards and support continuous monitoring efforts. The ideal candidate will play a key role in safeguarding the organization’s data and infrastructure while driving adherence to evolving security best practices.

The position is based in the US and can be performed remotely. Applicants must hold U.S. citizenship or U.S. permanent resident status.

Job Responsibilities

  • Experience conducting vulnerability assessments, system audits, and risk analysis using industry-standard scanning tools (e.g., Nessus, Azure security tools, Tenable, Burpsuite, etc…) to support a proactive security posture.
  • Manage and implement continuous monitoring processes to ensure the organization maintains compliance with a variety of information security frameworks, including ISO 27001:2022 and SOC 2 Type II. Experience with government compliance standards such as FedRAMP (NIST SP 800-53) and CMMC is preferred. This role focuses on ensuring robust security practices and adapting to evolving compliance requirements.
  • Collaborate closely with IT, DevOps, Engineering, and Compliance teams to enforce security policies, procedures, and best practices.
  • Actively monitor, analyze, and respond to security alerts and incidents, performing investigations, incident handling, and recommending corrective actions.

Provide expert guidance on security matters to support secure development and operations.

  • Assist in developing, managing, and updating security documentation, including System Security Plans (SSPs), Plan of Actions & Milestones (POA&Ms), and other Risk Management Framework artifacts required by FedRAMP
  • Applying and validating Security Technical Implementation Guides (STIGs) and government guidelines to configure and secure systems according to federal standards across multiple OS’s, system types, and technologies

Minimum Qualifications, Education, and Skills

  • 5+ years of experience in information security or a similar role
  • Proficiency in vulnerability scanning tools (Nessus, Burpsuite, Tenable, etc…) and interpreting scan results for remediation.
  • Strong knowledge of security standards
  • Demonstrated experience in continuous monitoring, network security, firewalls, VPNs, IDS/IPS, and endpoint protection.
  • Strong analytical skills and a meticulous approach to problem-solving
  • Demonstrated capability to deliver results on-time and to a defined schedule.
  • Relevant certifications (e.g., CISSP, CompTIA Security+, CAP) are strongly preferred
  • Familiarity with cloud security principles
  • Experience with security automation and continuous monitoring tools
  • PKI knowledge a plus
  • Knowledge of scripting languages (Python, PowerShell) to automate security processes
  • Experience in STIG configuration & implementation, and best practices for implementing these in various environments preferred
  • Expertise in Government related InfoSec compliance frameworks such as NIST 800-53, NIST 800-171 preferred
  • Experience with government-regulated environments (AWS GovCloud, Azure Government) preferred

Level of Authority

  • Limited level of authority. Authority involves tasks such as executing assigned duties, following established procedures, and making recommendations within their area of expertise, while seeking guidance or approval from more experienced team members or supervisors for significant actions or changes.

Travel Requirements

  • Up to 10% travel required.

 

Compensation  

Salary will be commensurate with experience.  

Culture, Career Opportunities and Benefits 

We build teams that continually strive to get better than the day before. You will be challenged daily and given opportunities to grow personally and professionally. We balance autonomy and structure to create an entrepreneurial environment to spur creativity and new ideas.  

Here are just some of the initiatives that make our culture special:   

  • Second Fridays (a company-wide day off on the second Friday of every month). 
  • Comprehensive benefit coverage, paid for by the company for you and your dependents (US). 
  • Generous paid parental leave (US). 
  • Dedicated employee-focused ambassadors via Key Contributors & Culture Committees. 
  • DIVERSE Commitment, a call to action for a more inclusive and diverse future in business, society, and technology. 
  • The Keyfactor Alliance Program to support DEIB efforts. 
  • Wellbeing resources, wellness allowance, mindfulness app free membership, Wellness Wednesdays. 
  • Global Volunteer Day, company non-profit matching, and 3 volunteer days off. 
  • Unlimited time off (US) and competitive time off globally. 
  • Monthly Talent development and Cross Functional meetings to support professional development. 
  • Regular All Hands meetings – followed by group gatherings. 

Our Core Values 

Our core values are extremely important to how we run our business and what we look for in every team member:  

Trust is paramount. 

We deliver security software and solutions where trust and openness are of the highest importance for our customers. We are honest and a trusted partner in every aspect of business.  

Customers are core. 

We strategize, operate, and execute through a customer-centric view. We prioritize the security interests of our customers, and we act as if their data were our own.  

Innovation never stops, it only accelerates. 

The speed of change is accelerating. We are committed, through investment and focus, to stay ahead of the innovation curve.  

We deliver with agility.  

We thrive in high-paced and continually changing environments. We navigate through newly added variables, adjust accordingly, while driving towards our strategic goals.  

United by respect.  

Respect for all is what unites us. We promote diversity, inclusivity, equity, and acting with empathy and openness, both in our business and in our communities.  

Teams make “it” happen. 

Vision and goals are not individually achievable – they require teamwork. We pride ourselves in operating as a cohesive team, creating promoters and partners, and winning as one.  

Keyfactor is a proud equal opportunity employer. 

 

REASONABLE ACCOMMODATION: Applicants with disabilities may contact a member of Keyfactor’s People team via people@keyfactor.com and/or telephone at 1.216.785.2990 to request and arrange for accommodations at any time. 

Keyfactor Privacy Notice 

Apply for this Job

* Required
resume chosen  
Dropbox Google Drive
(File types: pdf, doc, docx, txt, rtf)
Cancel
cover_letter chosen  
Dropbox Google Drive
(File types: pdf, doc, docx, txt, rtf)
Cancel
When autocomplete results are available use up and down arrows to review
+ Add another education

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Keyfactor, Inc.’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

Enter the verification code sent to to confirm you are not a robot, then submit your application.

This application was flagged as potential bot traffic. To resubmit your application, turn off any VPNs, clear the browser's cache and cookies, or try another browser. If you still can't submit it, contact our support team through the help center.