Senior Full-Stack Security​/GRC Platform Engineer

Job Family:
Cyber Engineering (CYS) |

Travel Required:

Up to 10% |

Clearance Required:

None

• Maintain and extend a FastAPI backend with hundreds of registered API routes.
• Build and refine React/Type Script product workflows across a large frontend surface.
• Design and maintain SQL Alchemy models, Alembic migrations, Postgre
  
  SQL queries, and data integrity rules.
• Support scanner integrations, finding normalization, deduplication, evidence workflows, and compliance mapping.
• Maintain AI‑assisted features through a centralized provider abstraction rather than direct calls to providers.
• Work across GRC workflows including findings, evidence, SSPs, POA&Ms, RMF, FedRAMP/FISMA, SCRM, ZTA, ISCM, risk acceptance, and reporting.
• Keep local development and test environments healthy using Docker Compose, Redis, Postgre
  
  SQL, worker queues, Ollama, observability services, and frontend tooling.
• Maintain quality gates including linting, type checking, OpenAPI drift checks, migration safety, SDK drift, architecture boundaries, and test suites.
• Debug issues across frontend state, API contracts, database state, workers, scanner output, generated SDKs, and deployment configuration.
• Treat documentation as helpful but secondary to the codebase; validate assumptions against source, tests, migrations, and running behavior.

• Minimum of six (6) years’ experience with Python backend development.
• Strong FastAPI, Pydantic, SQL Alchemy, Alembic, async Python, and pytest experience.
• Strong React, Type Script, Vite, React Router, React Query, and component architecture experience.
• Postgre
  
  SQL experience, including schema design, migrations, indexes, JSON/JSONB, and relational integrity.
• Experience maintaining large API surfaces and generated frontend API clients.
• Experience with background jobs or async workers using Redis‑backed queues.
• Strong security engineering fundamentals: authentication, authorization, RBAC, audit logs, secret handling, dependency risk, and input validation.
• Ability to diagnose source‑of‑truth issues when documentation, generated code, database schema, and runtime behavior disagree.
• Security/GRC Domain Skills including vulnerability findings and remediation workflows, evidence collection and sufficiency, SSPs, POA&Ms, control mappings, audit packages, and risk acceptance.
• Knowledge of NIST 800‑53, RMF, FedRAMP/FISMA, CMMC, SCRM, ZTA, ISCM, and related compliance concepts.
• Experience with scanner output from cloud security scanners, vulnerability scanners, SAST/IaC tools, secret scanners, identity/M365 scanners, and web security scanners.
• Provenance, auditability, and defensibility requirements for regulated workflows.
• AI/LLM Product
  
  Skills:
  
  building AI‑assisted product features, understanding of RAG, embeddings, document extraction, prompt/context design, and evidence citation.
• Ability to enforce scoped context, provenance, guardrails, and human‑review boundaries.
• Comfort maintaining provider abstractions across local and cloud AI providers.
• Infrastructure and Operations
  
  Skills:
  
  Docker Compose for local development, AWS‑style production operations, Terraform or similar IaC experience, CI/CD debugging, observability, logs, health checks, and operational runbooks.

• Prior experience with GRC, audit automation, security consulting tools, vulnerability management, FedRAMP/FISMA, or SSP/POA&M workflows.
• Experience with generated OpenAPI SDKs.
• Experience producing PDF, Excel, DOCX, PowerPoint, or audit package exports.
• Experience with immutable audit logs, provenance chains, multi‑tenant permissions, or evidence workflows.

$86,500.00 – $ annually. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience, and training.

• Medical, Rx, Dental & Vision Insurance
• Personal and Family Sick Time & Company Paid Holidays
• Parental Leave
• 401(k) Retirement Plan
• Group Term Life and Travel Assistance
• Voluntary Life and AD&D Insurance
• Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts
• Transit and Parking Commuter Benefits
• Short-Term & Long-Term Disability
• Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities
• Employee Referral Program
• Corporate Sponsored Events & Community Outreach
• annual membership
• Employee Assistance Program
• Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and  protection, etc.)

Guidehouse is an Equal Opportunity Employer–Protected Veterans, Individuals with Disabilities or any other basis protected by law, ordinance, or regulation.