Cybersecurity Engineer III (InSITE)

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related field; or an equivalent combination of education and experience.
• Typically, 7+ years of progressively responsible experience in cybersecurity, system security engineering, or closely related fields.
• Demonstrated experience leading security assessments (SAST/DAST, vulnerability scans) for complex applications and environments.
• Demonstrated experience leading DISA STIG/SRG-based hardening and assessments for servers, applications, and databases.
• Demonstrated experience leading RMF/ATO efforts for government or regulated systems, including continuous monitoring.
• Demonstrated experience leading penetration testing efforts, either hands-on or through oversight of specialized teams.
• Expert knowledge of application security, OWASP Top 10, and secure SDLC best practices.
• Expert knowledge of vulnerability management processes and tools in multi-environment deployments (Dev/Test/Prod).
• Expert knowledge of system and network security for Windows Server, IIS, SQL/Azure SQL, and cloud-hosted solutions.
• Proven experience with enterprise vulnerability management tools (e.g., Tenable/Nessus, Qualys, comparable tools).
• Proven experience with application security tools (SonarQube, Fortify, Veracode, Burp Suite, OWASP ZAP, etc.).
• Proven experience with DISA STIGs, DoD SRGs, and associated implementation in production environments.
• Strong understanding of NIST SP 800-53, NIST RMF, and ATO/continuous monitoring requirements.
• Strong understanding of cloud security architectures and controls (Azure preferred for InSITE).
• Demonstrated leadership skills, including leading cross-functional security initiatives and driving remediation efforts.
• Demonstrated leadership skills, including mentoring and guiding junior and mid-level engineers.
• Demonstrated leadership skills, including effectively interfacing with program managers, customers, and other stakeholders.
• Excellent written and verbal communication skills, including authoring formal technical reports and security documentation.
• Excellent written and verbal communication skills, including presenting complex security issues and trade-offs to technical and non-technical audiences.
• Strong analytical and decision-making skills with the ability to balance mission needs, risk, and compliance.
• U.S. Citizenship required.
• Ability to obtain and maintain a [Secret / Top Secret / as required] security clearance for the WTRS program.

Nice To Haves

• DoD 8570/8140 compliant certification at IAT III or IASAE level (e.g., CISSP, CASP+, CSSLP, or similar) strongly preferred; may be required by contract.
• Offensive or advanced security certifications (e.g., OSCP, OSWE, GPEN, GCIH) highly desirable.

Responsibilities

• Lead cybersecurity engineering for the InSITE/WTRS program, serving as the primary cyber point of contact for program management, engineering leadership, and customer stakeholders.
• Provide input to program planning, schedules, and resource estimates for cybersecurity activities.
• Represent cybersecurity in TIMs, design reviews, Agile events, and other key meetings.
• Architect and oversee the security assessment strategy, defining and maintaining the integrated assessment strategy encompassing SAST, DAST, penetration testing, vulnerability assessments, and STIG/SRG compliance.
• Ensure alignment of assessment activities with RMF, ATO, and organizational security requirements.
• Lead static and dynamic application security testing, overseeing static code analysis and integration into the development lifecycle, and guiding web application vulnerability scanning and remediation.
• Provide expert-level interpretation of findings, risk evaluation, and remediation guidance.
• Lead vulnerability management and continuous monitoring, directing monthly vulnerability scanning and analysis, prioritizing vulnerabilities, and coordinating remediation strategies.
• Establish or refine processes for continuous monitoring, security metrics, and reporting.
• Lead quarterly STIG/SRG assessments and system hardening, overseeing the application of DISA STIGs and SRGs across relevant technologies and ensuring STIG checklists are current, complete, and accurately documented.
• Drive remediation efforts and risk acceptance decisions in coordination with program leadership and the customer.
• Lead penetration testing and advanced assessments, including planning, scoping, and developing test plans and rules of engagement.
• Coordinate execution of penetration tests to discover and exploit application and infrastructure vulnerabilities.
• Produce or review final penetration test reports with clear risk assessment, supporting evidence, and actionable mitigation plans.
• Own ATO / RMF and continuous monitoring for InSITE, leading the development, finalization, and submission of the Security Authorization Package (SAP) to obtain and maintain ATO.
• Oversee RMF activities, including control implementation, assessment, POA&M management, and ongoing risk management.
• Ensure continuous monitoring tasks are properly planned, executed, and documented.
• Mentor and develop junior and mid-level cybersecurity staff by providing technical guidance, task direction, and quality reviews.
• Promote best practices for secure design, secure coding, and secure operations across the team.
• Develop and maintain high-quality technical deliverables, producing and reviewing formal reports and presenting findings, risks, and recommendations.
• Identify opportunities for process and tool improvements, recommending automation, integration with CI/CD pipelines, and other enhancements.
• Perform other duties as assigned.