Security Configuration Management Engineer

$128k - $177k

SentinelOne

US, Remote

About Us

At SentinelOne, we’re redefining cybersecurity by pushing the limits of what’s possible—leveraging AI-powered, data-driven innovation to stay ahead of tomorrow’s threats.

From building industry-leading products to cultivating an exceptional company culture, our core values guide everything we do. We’re looking for passionate individuals who thrive in collaborative environments and are eager to drive impact. If you’re excited about solving complex challenges in bold, innovative ways, we’d love to connect with you.

Due to a Federal Government contract requirement, U.S. citizenship is required for this position.

FedRAMP staff may be subject to customer or third-party background checks up to and including Secret Clearance if required by their role at SentinelOne.

What are we looking for?

At SentinelOne, cybersecurity is at the core of everything we do — and strong configuration management is key to protecting our systems and the sensitive data we handle. We’re looking for a Security Configuration Management Engineer to lead and mature our configuration and change management practices across both our FedRAMP and commercial SaaS environments. In this role, you’ll own critical security processes, drive compliance with NIST and FedRAMP controls, and work closely with engineering teams to embed secure practices into our SDLC and CI/CD pipelines.

What will you do?

  • Serve as the InfoSec lead for configuration and change management across our FedRAMP-authorized SaaS environment
  • Own and manage the NIST 800-53 CM control family (and related controls), including implementation, documentation, process improvements, and audit readiness
  • Administer and continuously improve the FedRAMP Change Control Board (CCB), including deployment review, documentation validation, and rollback planning
  • Lead the continuous monitoring (ConMon) process for change-related failures, including root cause analysis, remediation planning, and reporting
  • Automate tracking and documentation (e.g., CMDB integration) to improve accuracy, reduce manual effort, and accelerate audits
  • Partner with engineering teams to embed FedRAMP controls into CI/CD pipelines and the SDLC
  • Participate in SCR (Significant Change Request) discovery and reviews, providing guidance on security architecture and compliance impacts
  • Lead training and awareness efforts across technical teams to ensure strong understanding of configuration management, change control, and FedRAMP responsibilities
  • This position may involve extended hours or on-call responsibilities during production events or compliance deadlines.

What skills and knowledge should you bring?

  • Bachelor’s degree and/or 8+ years of experience in Security, IT, or DevSecOps environments
  • 3+ years of hands-on experience with configuration and change management in large-scale, enterprise SaaS environments
  • Strong understanding of NIST 800-53 (especially the CM family) and experience operating in a FedRAMP or regulated cloud environment
  • Familiarity with secure SDLC practices and CI/CD pipelines (e.g., GitHub Actions, Argo CD, Jenkins, Terraform)
  • Excellent communication skills, with the ability to translate technical risks into business terms and work cross-functionally with engineering, compliance, and sales
  • Proficiency with security tools and infrastructure such as SIEMs, firewalls, endpoint protection, MDM, host-based IDS/IPS, AWS services, and CMDB platforms

Preferred Certifications

Relevant certifications are preferred and demonstrate expertise in security, risk, and configuration management, including:

  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CISA (Certified Information Systems Auditor)
  • CRISC (Certified in Risk and Information Systems Control)
  • Cloud security certifications (e.g., AWS Certified Security – Specialty, Azure Security Engineer Associate)

Why Us?

  • You will be joining a cutting-edge company, where you will tackle extraordinary challenges and work with the very best in the industry
  • Medical, Vision, Dental, 401(k), Commuter, Health and Dependent FSA
  • Unlimited PTO
  • Industry-leading gender-neutral parental leave
  • Paid company holidays
  • Paid sick time
  • Employee stock purchase program
  • Disability and life insurance
  • Employee assistance program
  • Gym membership reimbursement
  • Cell phone reimbursement
  • Numerous company-sponsored events including regular happy hours and team-building events

This U.S. role has a base pay range that will vary based on the location of the candidate. For some locations, a different pay range may apply. If so, this range will be provided to you during the recruiting process. You can also reach out to the recruiter with any questions.

Base Salary Range
$128,800 - $177,000 USD

SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

SentinelOne participates in the E-Verify Program for all U.S. based roles.