Security Engineer (US - Remote)

What to expect when you join Tantus, a Sikich Subsidiary

Team members at Tantus, a Sikich Subsidiary have a lot in common while also being part of a rich and varied group of contributors, creating a distinct and thriving culture. Chief among our commonalities is a desire for growth and a shared unity of purpose in our professional lives. We believe that through diverse perspectives, challenging the status quo and rewarding action, we accelerate innovation and drive growth – for our clients, for ourselves and for our communities.

The professional services landscape continues to evolve. For Tantus, a Sikich Subsidiary, this means we have an opportunity to further cement our leadership position in this industry and continue to grow our organization in increasingly exciting ways. This growth is meaningful for every team member at our company because larger companies simply see more interesting client opportunities and can attract impressively talented individuals like you. Through a dedicated focus on key business priorities and intentionally creating a rewarding employee experience, Tantus, a Sikich Subsidiary has developed into a highly regarded provider of professional services and a sought-after employer of choice.

Do you want to work with other skilled and agile practitioners who thrive on challenge and growth? We believe everyone has untapped potential. That’s why we lead with vision and act fast, pairing deep expertise with practical solutions. Our teams cut through complexity and deliver real impact. It's our hope that you find more than just a job. At Tantus, a Sikich Subsidiary, you'll find optimism, clear insights and genuine warmth, without egos.

Are you ready to grow with us?

Position summary

The Security Engineer is a member of the Security Engineering Team supporting CMS CCSQ's ISG under the SIO contract. Security Engineers configure, optimize, and maintain AWS WAF policies and CMS-approved security tooling across CCSQ FISMA systems, cloud environments, and CI/CD pipelines. This role operates at the intersection of cloud security engineering and compliance, partnering closely with ISSOs, ADOs, and the Security Compliance team to maintain a robust and audit-ready security posture.

What will you do in this role?

• Configure, tune, and document AWS WAF policies for in-scope applications in CMS OIT Hybrid AWS and QualityNet AWS per CMS change control procedures
• Coordinate with ADOs and platform teams on WAF and security tooling optimizations
• Support detection triage using CMS-approved tools (Security Hub, GuardDuty, Inspector) including rule tuning, configuration controls, and vulnerability management handoffs
• Provide security engineering support during CMS business hours and ad-hoc after-hours support for critical incidents upon Government request
• Document and maintain records of all WAF and security tooling changes for CMS oversight and audit readiness
• Implement and validate defense-in-depth controls against CMS policy and approved benchmarks (CIS, NIST, cloud vendor best practices)
• Record gaps, risks, and remediation actions in CMS-approved tracking tools; support posture dashboards
• Validate logging, monitoring, and detection coverage — including log source onboarding, alert configurations, and detection use cases
• Automate CI/CD pipeline security checks and embed DevSecOps best practices
• Support cloud migration security from QualityNet AWS to CMS OIT Hybrid AWS, including defining migration security tasks and validating control continuity
• Attend PI Planning events; contribute security user stories, acceptance criteria, and dependency identification
• Apply MITRE ATT&CK and Cyber Kill Chain frameworks to threat-informed detection and response

What do you need to succeed in this role?

• Bachelor's degree in Cybersecurity, Computer Science, IT, or related field
• 7+ years of cybersecurity engineering or cloud security experience in a federal IT environment
• Hands-on expertise with AWS security services: WAF, Security Hub, GuardDuty, Inspector, IAM
• Experience with FISMA compliance, NIST 800-53 controls, and ATO documentation
• Proficiency with vulnerability scanning tools (Tenable, Nessus); familiarity with POA&M tracking

In compliance with this state’s pay transparency laws, the midpoint of the salary range for this role is $165,000. This is not a guarantee of compensation or salary, as final offer amount may vary based on factors including but not limited to experience and geographic location.

In addition, specific skills/experience required are as follows:

• Servant Leader – You are hyper focused on engaging employees, fostering their development, and building a positive culture. 
• Solutions Focused – You see opportunities in every business problem and can develop, articulate, and implement solutions. 
• Collaboration – You are a relationship builder across all levels of the organization and across all business units. 
• Instills Trust - You do what you say, and you follow through on commitments, you act with integrity, you are consistent and are perceived as credible. 
• Impact & Influence Thinking – You gain support for ideas, proposals, and solutions, and get others to act, with or without formal authority, to advance initiatives/objectives. 

About Tantus, a Sikich Subsidiary

Tantus, a Sikich Subsidiary, offers the public and private sectors a diverse platform of professional services across consulting, technology, and compliance. Highly specialized and hands-on teams deliver integrated solutions rooted in deep industry experience. Our approach is strategically and thoughtfully designed to help our clients, teams and communities accelerate success.

Tantus, a Sikich Subsidiary has approximately 2,000 team members and operates across North America, EMEA and APAC. 

Tantus, a Sikich Subsidiary Total Rewards

Our team members enjoy expansive benefits ranging from competitive compensation and insurance options to wellness programs and a flexible time off policy, to name only a few. Tantus, a Sikich Subsidiary also takes pride in prioritizing team members’ health, total wellbeing and time spent with family, friends and in the pursuit of personal goals, hobbies, and endeavors.

Some examples of our many benefits:

• Tantus, a Sikich Subsidiary maintains a Flexible Time Off (FTO) Policy. We encourage every full-time employee, as your role permits, to utilize paid time off (personal time, mental/physical health care, vacation, sick leave, etc.). Waiting for time off to accrue is common at other companies. At Tantus, a Sikich Subsidiary, you do not have to wait for this benefit to kick in. FTO is activated on your first day with our organization.
• Tantus, a Sikich Subsidiary will also recognize paid holidays during the year and strives to permit employees to have time off the last week of the calendar year when client and project work permits.
• Tantus, a Sikich Subsidiary offers a comprehensive wellness program to engage, challenge and empower team members to take responsibility for their wellbeing. Activities can be tracked through our wellness provider to obtain gift cards and other rewards.

We also offer:

• Flexible work arrangements
• Health, dental, vision, life, and accident/death/disability insurance options
• HSA employer contribution
• Eleven (11) paid holidays annually.
• A robust paid Parental Bonding Leave program covering birth, adoption, and foster children.
• 401(k) with employer contributions
• Tuition reimbursement
• Generous employee referral bonus program
• Client referral bonus program
• Pet insurance
• FORCE – Tantus, a Sikich Subsidiary community volunteer program enabling each team member to use up to four hours of paid time annually to volunteer and make a difference in their local communities.

Want to learn more? Visit our Careers website or Glassdoor profile.

Tantus, a Sikich Subsidiary is an Equal Opportunity Employer M/F/D/V

Sikich practices in an alternative practice structure in accordance with the AICPA Professional Code of Conduct and applicable law, regulations, and professional standards. Sikich CPA LLC is a licensed CPA firm that provides audit and attest services to its clients, and Sikich LLC and its subsidiaries provide tax and business advisory services to its clients. Sikich CPA LLC has a contractual arrangement with Sikich LLC under which Sikich LLC supports Sikich CPA LLC’s performance of its professional services. Sikich LLC and its subsidiaries are not licensed CPA firms. 

“Sikich” is the brand name under which Sikich CPA LLC and Sikich LLC provide professional services.  The entities under the Sikich brand are independently owned and are not liable for the services provided by any other entity providing services under the Sikich brand. The use of the terms “our company”, “we” and “us” and other similar terms denote the alternative practice structure of Sikich CPA LLC and Sikich LLC.