LCG, posted 4 days ago
$120,000 - $180,000/Yr
Full-time • Mid Level
Hybrid • Rockville, MD

The Cyber Security Engineer role provides hands-on cybersecurity engineering support for vulnerability assessment, risk management, compliance, and continuous authorization activities in accordance with DoD, Air Force, and federal security standards. The Cyber Security Engineer works closely with DevSecOps engineers, system administrators, procurement staff, and Government stakeholders to integrate security controls throughout the software lifecycle, support Risk Management Framework (RMF) and Continuous Authority to Operate (C-ATO) processes, and maintain a strong, auditable security posture across cloud, containerized, and SaaS environments.

Security Engineering & Vulnerability Management
  • Conduct software security testing across COTS, FOSS, and custom-developed tools prior to onboarding and throughout sustainment within the Client's DevSecOps environment.
  • Perform continuous vulnerability monitoring using Government-approved scanning tools, including scheduled and on-demand scans aligned with patch cycles and deployment events.
  • Integrate automated security testing into CI/CD pipelines in coordination with DevSecOps engineers to enable early detection of vulnerabilities.
  • Analyze scan results to identify, prioritize, and document vulnerabilities based on CVSS scoring, exploitability, system exposure, and mission impact.
  • Track vulnerabilities through remediation, validation, and closure, ensuring findings are properly dispositioned and documented.
  • Support patch validation and remediation activities, verifying that fixes do not introduce regressions or break security controls.
  • Assess software dependencies and third-party components for known vulnerabilities and supply-chain risk.
  • Validate secure configuration baselines following installations, upgrades, and patches.
  • Support RMF activities, including system categorization, control selection, control implementation, assessment, and continuous monitoring.
  • Develop, update, and maintain security accreditation artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action & Milestones (POA&Ms).
  • Map implemented technical and procedural controls to NIST control families and document inheritance where applicable.
  • Provide cybersecurity input to support Continuous Authorization to Operate (C-ATO) processes for enterprise software tools.
  • Support security assessments, audits, and reviews by Government cybersecurity organizations.
  • Maintain RMF documentation in approved security documentation and collaboration systems.
  • Ensure security artifacts remain current, consistent, and audit-ready throughout the contract lifecycle.
  • Apply and interpret cybersecurity requirements from:
  • Support FedRAMP compliance activities for cloud-hosted and SaaS tools, including:
  • Validate that integrated tools comply with DoD security, privacy, and data protection requirements prior to approval and deployment.
  • Review software configurations to ensure alignment with approved security baselines and accreditation boundaries.
  • Identify compliance gaps and recommend technical and procedural mitigations.
  • Support ongoing continuous monitoring activities required under RMF and C-ATO models.
  • Produce security posture reports summarizing vulnerability trends, open risks, remediation progress, and compliance status.
  • Provide cybersecurity input to Software Toolchain Reports and Security Accreditation Reports required by the contract.
  • Collaborate with Government cybersecurity, engineering, procurement, and program offices to:
      • Communicate security risks
      • Recommend mitigations
      • Support risk acceptance decisions
  • Provide cybersecurity expertise to support Software Purchase Approval Packages (A003) by assessing security posture of proposed tools.
  • Participate in technical discussions related to tool onboarding, renewals, and lifecycle decisions.
  • Support incident response coordination and root-cause analysis for security-related issues impacting toolchain operations.
  • 5-7+ years of experience in cybersecurity engineering, vulnerability assessment, and security compliance within DoD or federal environments.
  • Bachelor's degree in Cybersecurity, Information Assurance (IA), Computer Science, or a related field, or equivalent professional experience.
  • Demonstrated experience supporting RMF and system authorization activities for enterprise systems.
  • Experience working within DevSecOps or CI/CD environments supporting cloud and containerized platforms.
  • One or more of the following (or equivalent): Security+, CISSP, or an RMF-related certification.
  • Proficiency with vulnerability scanning tools (e.g., Nessus, Qualys, or equivalent).
  • Experience using RMF tools and security documentation systems to develop SSPs, SARs, and POA&Ms.
  • Working knowledge of cloud security controls, container security concepts, and software supply chain risk.
  • Familiarity with Git-based collaboration tools (e.g., GitLab or equivalent) for tracking security artifacts and changes.
  • LCG offers a competitive, comprehensive benefits package which includes health insurance options (medical, dental, vision), life and disability insurance, retirement plan contributions, as well as paid leave, federal holidays, professional development, and lifestyle benefits.
© 2024 Teal Labs, Inc