Portfolio Company Job Board

Find a job at one of our innovative portfolio companies
Sands Capital

Security Engineer – FedRAMP

Codoxo

Remote
Posted on Jul 17, 2025

PLEASE NOTE BEFORE APPLYING:

CODOXO IS NOT ABLE TO OFFER SPONSORSHIP OR ACCOMMODATE ANY CANDIDATES THAT ARE CURRENTLY BEING SPONSORED NOW OR IN THE FUTURE

Of the $3.8T we spend on healthcare in the United States annually, about a third of it is estimated to be lost due to waste, fraud and abuse. Codoxo is the premier provider of artificial intelligence-driven solutions and services that help healthcare companies and agencies proactively detect and reduce risks from fraud, waste, and abuse and ensure payment integrity. Codoxo helps clients manage costs across network management, clinical care, provider coding and billing, payment integrity, and special investigation units. Our software-as-a-service applications are built on our proven Forensic AI Engine, which uses patented AI-based technology to identify problems and suspicious behavior far faster and earlier than traditional techniques.

We are venture-backed by some of the top investors in the country, with strong financials, and remain one of the fastest-growing healthcare AI companies in the industry.


Position Summary:

We are seeking a Security Engineer – FedRAMP to lead Codoxo’s security architecture and compliance efforts as we pursue our first FedRAMP Authorization to Operate (ATO). You will play a critical role in ensuring our environment meets FedRAMP Moderate baseline requirements, aligning with NIST 800-53 Rev. 5 controls and enabling Codoxo’s continuous monitoring program. This role blends technical implementation, automation, documentation, and hands-on collaboration across security, engineering, AI, and compliance teams.

Key Responsibilities:

1. Security Architecture & Compliance

  • Design and implement secure architectures aligned to FedRAMP Moderate requirements.
  • Translate NIST 800-53 Rev. 5 and FIPS 140-3 requirements into actionable technical controls.
  • Lead development and updates of FedRAMP System Security Plan (SSP), POA&M, and SAR.
  • Support and coordinate readiness assessments with our FedRAMP Third-Party Assessment Organization (3PAO).

2. Risk Management & Continuous Monitoring

  • Drive continuous monitoring efforts, including vulnerability scans, log aggregation, and real-time threat detection using tools and integrated third-party solutions.
  • Maintain and automate evidence collection and control status tracking.
  • Assist in developing and enforcing Codoxo’s internal security policies and compliance standards.

3. Cloud Security & DevSecOps

  • Collaborate with DevOps to integrate FedRAMP security controls into CI/CD pipelines and Infrastructure-as-Code (IaC) using Terraform.
  • Lead or contribute to the implementation of Zero Trust Architecture within Codoxo’s cloud environment.
  • Ensure compliance and security are embedded across containerized workloads and services (e.g., EKS, ECS).

4. Incident Response & Threat Modeling

  • Develop and refine Codoxo’s incident response procedures to meet FedRAMP expectations.
  • Work with our internal SOC team to assess, detect, and respond to security events.
  • Perform regular threat modeling to proactively mitigate evolving risks to healthcare and federal data.

Qualifications:

  • Bachelor’s or Master’s in Cybersecurity, Information Security, or related field.
  • 6–12 years of experience in cloud security, risk management, or compliance, including direct FedRAMP experience.
  • Expert-level knowledge of FedRAMP Moderate baselines, NIST 800-53 Rev 5, and FISMA RMF.
  • Demonstrated hands-on experience with AWS security services (IAM, KMS, GuardDuty, CloudTrail, Security Hub).
  • Experience with FedRAMP documentation and working with 3PAOs or government agencies on ATO processes.
  • Proficiency in Terraform, automation, and DevSecOps practices.
  • Physical Requirements: Work is performed in an office environment (either in our office or work-from-home) and requires the ability to work on a computer, operate standard office equipment, and work at a desk.

Preferred Certifications

  • CISSP, CCSP, or CISM
  • AWS Certified Security – Specialty
  • FedRAMP or NIST compliance training or certification

Accessibility Notice: If you need reasonable accommodation for any part of the employment process due to a physical or mental disability, please send an email to careers@codoxo.com with the subject "Accommodation". Reasonable accommodation requests will be considered on a case-by-case basis.

Benefits for You

Health, Dental, and Vision insurance with 100% employee premium coverage (Starts Day 1)

Unlimited PTO

Annual Professional Development stipend

Annual home office stipend

401K Match (after 90 days)

We are an Equal Opportunity Employer:

Codoxo provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment.