Cyber Security Consultant III

About The Position

Requirements

• Ability to obtain a Public Trust Clearance
• Provides expertise in secure coding, threat modeling, and vulnerability management.
• Capable of mentoring teams and promoting a culture of security across the organization.
• Minimum experience: 8+ years in application security, software development, or related roles.
• Experience with RPA and automation tools.
• Experience with integration of security into CI/CD pipelines.
• Proven success operating in high-oversight governance environments, partnering directly with department heads and lead SMEs to drive decisions, standards adoption, and measurable risk reduction.
• Executive briefing mastery: can translate complex AppSec findings into crisp, decision-grade briefs (risk, impact, options, recommendation), and handle senior-leader Q&A without losing the room.
• Exceptional people skills: known for building trust quickly, de-escalating conflict, influencing without authority, and aligning security, engineering, and product stakeholders to ship securely.
• Demonstrated ability to implement DHS standard security controls/gates in CI/CD, including automated security testing and continuous scanning.
• Working knowledge of federal security expectations and language (e.g., Zero Trust principles and relevant NIST/FISMA-aligned compliance environments) to communicate credibly in governance forums.
• Evidence they stay current on the latest AppSec advances (recent training/certs, conference/community participation, publications/talks, or demonstrable adoption of modern techniques/tools) and can brief teams on what matters and why.
• Strong written communication - produces leadership-ready artifacts (security posture summaries, threat model/readout briefs, vulnerability trends, remediation plans, decision memos).
• Familiarity with container and workload security/compliance tooling such as Twistlock.
• Familiarity with secrets management and key handling solutions such as HashiCorp Vault / Vault and AWS Key Management Service (KMS).
• Familiarity with software supply chain / component risk tooling such as NexusIQ.
• Familiarity with code quality/security tooling such as SonarQube (and using results to drive remediation and policy gates).
• Familiarity with enterprise authentication and trust controls including Kerberos and PKI concepts/implementations.
• Familiarity with security monitoring/log analysis workflows using Splunk.
• Familiarity with cloud/platform monitoring signals used for security operations and risk narratives (e.g., AWS CloudWatch, Prometheus, Grafana).
• Ability to operate within a tool-governed environment where the Approved Software List is subject to change, and where alternative tools require USG vetting/approval before use.

Responsibilities

• Ensuring security, integrity, and compliance in customer systems, applications, and services.
• Leading efforts to design, implement, and maintain secure application architectures.
• Conducting vulnerability assessments.
• Driving security best practices across the agency.

Benefits

• Flexible PTO Policy + 11 Paid Holidays
• Flexible Work Schedules (Remote / Hybrid)
• Medical / Dental / Vision / Flexible Spending Account (FSA)
• 401k Plan with Match
• Tuition & Professional Development Support
• Commuter Benefits
• Bonus & Employee Referral Programs
• Career Growth Opportunities