Information Security Engineer

Find•Herndon, VA

19h•Hybrid

About The Position

This senior-level positionâ¯Information Security Engineer will serve as a member of the Exostar Information Security Office and will report to the Manager of Governance & Engineering. This role is designed for a hands-on security engineer with deep technical and architectural experience who can translate that expertise into effective engineering, audit, policy, and compliance outcomes. The individual will be expected to independently assess risk, design and evaluate secure architectures, implement and validate technical security controls, and clearly articulate how those controls satisfy regulatory and audit requirements. The ideal candidate brings strong engineering credibility across infrastructure, cloud, and identity-related systems, and is equally effective working with customers, auditors, and technical stakeholders. This role requires comfort operating in high-visibility audit and customer-facing contexts, exercising technical expertise, and driving issues to closure.

Requirements

7+ years of demonstrated IT Security engineering experience providing guidance to technical teams
5+ years of demonstrated experience performing threat modeling and security risk assessments.
5+ years of demonstrated network engineering and administration experience
5+ years of demonstrated experience designing and implementing security controls in onpremise and cloud environments.
Strong experience with secure SDLC practices in Agile and DevSecOps environments.
Demonstrated experience authoring SSPs, POA&Ms, and technical audit documentation.
Significant experience working with ISO/IEC 27001/27002, NIST SP 800171, and NIST SP 80053.
Experience supporting and participating in audits and assessments (e.g., SOC 2, ISO 27001, Cyber Essentials).
Strong written and verbal communication skills with the ability to explain technical concepts to auditors, leadership, and business stakeholders.
Significant experience working in Jira and Confluence.
Ability to pass background investigation to attain and maintain Trusted Role access to company systems.
Core network services (HTTP, SMTP, DNS) and supporting server technologies.
Encryption technologies (IPSec, SSL/TLS).
Network security controls (firewalls, proxies, NAC, phishing prevention, etc.).
SIEM and logging architectures; familiarity with FIM technologies.
Windows Active Directory and domain services.

Nice To Haves

CMMC CCA or CCP
FedRAMP auditor / implementer
CISSP and other similar technical certifications
Experience with Governance, Risk, and Compliance tools
Cloud computing and architecture
Windows Domains and Active Directory
End-point Protections (HIPS/HIDS)
Web Application Programming (Java and related technologies)
Knowledge and demonstrated experience designing multi-tier, highly available, multi-threaded, scalable architectures.
Secure development frameworks (e.g. OWASP SAMM, Microsoft Security Development Lifecycle, IBM Secure Engineering Framework, etc.)
Public Key Infrastructure (PKI)
Identity Federation Technologies (SAML, etc.)
Business Continuity and Disaster Recovery planning
SharePoint
Data Loss Prevention (DLP)
Data Labeling and Information Rights Management
S/MIME-based Secure Email
Windows Domains and Active Directory
Identity Access Management (IAM)

Responsibilities

Assess, design, and provide guidance on secure architectures for onpremise and cloud environments, including identity, access, network, and platform services.
Engage directly with infrastructure, platform, and development teams to translate security requirements into implementable technical designs and controls.
Provide hands-on engineering support for the implementation, validation, and remediation of technical security controls.
Perform threat modeling and security risk assessments and coordinate actionable mitigation strategies.
Provide engineering support for controls aligned to frameworks such as CMMC L2, FedRAMP Moderate, ISO/IEC 27001, IAM, SOC 2, etc.
Write and maintain technical control descriptions based on current architecture and operational practices.
Support and lead internal and external audits and assessments, including direct interaction with auditors and customers.
Translate technical implementations into clear, accurate, and defensible audit evidence.
Create, review, and update information security policies, standards, procedures, and guidelines to reflect actual system architecture and operations.
Identify, assess, and communicate security risks to technical and non-technical stakeholders.
Track remediation efforts and drive issues to closure across multiple teams.
Evaluate emerging technologies, regulatory changes, and industry trends to assess potential impact to Exostar’s security posture.
Provide subject matter expertise for Identity and Access Management (IAM) and Public Key Infrastructure (PKI) systems.
Support auditing and compliance of PKI, identity federation, and authentication services.
Collaborate on governance documentation related to identity, trusted roles, and access control programs.

Benefits

We believe in employee development: we promote internally and provide training and educational assistance
We provide a fun, engaged workplace, with social and community-building events
We offer comprehensive benefits and flexible time off plans

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume