Cyber Security Engineer, Senior

About The Position

Requirements

• 5-7+ years of experience in cybersecurity engineering, vulnerability assessment, and security compliance within DoD or federal environments.
• Bachelor's degree in Cybersecurity, Information Assurance (IA), Computer Science, or a related field , or equivalent professional experience.
• Demonstrated experience supporting RMF and system authorization activities for enterprise systems.
• Experience working within DevSecOps or CI/CD environments supporting cloud and containerized platforms.
• One or more of the following (or equivalent): Security+ CISSP RMF-related certification
• Proficiency with vulnerability scanning tools (e.g., Nessus, Qualys, or equivalent).
• Experience using RMF tools and security documentation systems to develop SSPs, SARs, and POA&Ms.
• Working knowledge of cloud security controls, container security concepts, and software supply chain risk.
• Familiarity with Git-based collaboration tools (e.g., GitLab or equivalent) for tracking security artifacts and changes.

Responsibilities

• Security Engineering & Vulnerability Management Conduct software security testing across COTS, FOSS, and custom-developed tools prior to onboarding and throughout sustainment within the Client's DevSecOps environment.
• Perform continuous vulnerability monitoring using Government-approved scanning tools, including scheduled and on-demand scans aligned with patch cycles and deployment events.
• Integrate automated security testing into CI/CD pipelines in coordination with DevSecOps engineers to enable early detection of vulnerabilities.
• Analyze scan results to identify, prioritize, and document vulnerabilities based on CVSS scoring, exploitability, system exposure, and mission impact.
• Track vulnerabilities through remediation, validation, and closure, ensuring findings are properly dispositioned and documented.
• Support patch validation and remediation activities, verifying that fixes do not introduce regressions or break security controls.
• Assess software dependencies and third-party components for known vulnerabilities and supply-chain risk.
• Validate secure configuration baselines following installations, upgrades, and patches.
• Support RMF activities a system categorization, control selection, control implementation, assessment, and continuous monitoring.
• Develop, update, and maintain security accreditation artifacts, including: System Security Plans (SSPs) Security Assessment Reports (SARs) Plans of Action & Milestones (POA&Ms)
• Map implemented technical and procedural controls to NIST control families and document inheritance where applicable.
• Provide cybersecurity input to support Continuous Authorization to Operate (C-ATO) processes for enterprise software tools.
• Support security assessments, audits, and reviews by Government cybersecurity organizations.
• Maintain RMF documentation in approved security documentation and collaboration systems.
• Ensure security artifacts remain current, consistent, and audit-ready throughout the contract lifecycle.
• Apply and interpret cybersecurity requirements from:
• Support FedRAMP compliance activities for cloud-hosted and SaaS tools, including:
• Validate that integrated tools comply with DoD security, privacy, and data protection requirements prior to approval and deployment.
• Review software configurations to ensure alignment with approved security baselines and accreditation boundaries.
• Identify compliance gaps and recommend technical and procedural mitigations.
• Support ongoing continuous monitoring activities required under RMF and C-ATO models.
• Produce security posture reports summarizing vulnerability trends, open risks, remediation progress, and compliance status.
• Provide cybersecurity input to Software Toolchain Reports and Security Accreditation Reports required by the contract.
• Collaborate with Government cybersecurity, engineering, procurement, and program offices to:
• Communicate security risks
• Recommend mitigations
• Support risk acceptance decisions
• Provide cybersecurity expertise to support Software Purchase Approval Packages (A003) by assessing security posture of proposed tools.
• Participate in technical discussions related to tool onboarding, renewals, and lifecycle decisions.
• Support incident response coordination and root-cause analysis for security-related issues impacting toolchain operations.

Benefits

• LCG offers a competitive, comprehensive benefits package which includes health insurance options (medical, dental, vision), life and disability insurance, retirement plan contributions, as well as paid leave, federal holidays, professional development, and lifestyle benefits.