Lead Security Engineer

Dev Technology, Suitland, MD
$120,000 - $190,000, Hybrid

About The Position

We are seeking a Subject Matter Expert (SME)–level Lead Security Engineer to lead application security across a large-scale, cloud-native federal modernization program. This role provides technical and management leadership on major security tasks, embedding security into every phase of the System Development Life Cycle (SDLC) using a DevSecOps methodology. The ideal candidate will architect and enforce Zero Trust principles, drive Authorization to Operate (ATO) activities, and direct application security testing, threat modeling, and vulnerability remediation across a System of Systems (SoS). This position interfaces with senior Government stakeholders and the Office of Information Security (OIS), and decision-making and domain knowledge may have a critical impact on overall program implementation. May supervise others.

Requirements

  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field
  • 15+ years of relevant IT/cybersecurity experience, providing technical and management leadership on major tasks or technology assignments (SME level)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Demonstrated expertise in integrating security into a DevSecOps SDLC, including CI/CD security gates and automated security testing
  • Hands-on experience implementing Zero Trust Architecture and applying NIST SP 800-53 controls and the NIST Cybersecurity Framework
  • Proven experience leading vulnerability assessments, penetration testing, and threat modeling for enterprise applications
  • Experience supporting the ATO lifecycle and managing POA&Ms, security artifacts, and evidence collection
  • U.S. Citizenship required

Nice To Haves

  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Experience generating Software Bill of Materials (SBOMs) and implementing software supply-chain security controls
  • Familiarity with SIEM deployment, container/image hardening, and secure baseline configuration
  • Experience in large-scale, multi-cloud federal environments and FedRAMP processes
  • Strong analytical, problem-solving, written, and verbal communication skills, including the ability to brief senior Government stakeholders

Responsibilities

  • Lead the design and implementation of application security solutions, frameworks, and processes across all phases of the SDLC
  • Implement Zero Trust (ZT) principles for applications, workloads, and data, aligned with EO 14028, OMB M-22-09, and NIST SP 800-207 (Zero Trust Architecture)
  • Integrate security into DevSecOps CI/CD pipelines, establishing security gates, automated code inspection, and supply-chain controls, including Software Bill of Materials (SBOM) generation
  • Direct Static and Dynamic Application Security Testing (SAST/DAST), vulnerability assessments, and penetration testing to identify, triage, and remediate security weaknesses
  • Lead threat modeling exercises to analyze application architecture, identify attack vectors, and document mitigation strategies throughout design, development, testing, and deployment
  • Support the Authorization to Operate (ATO) process, including security control assessment, artifact and evidence collection, Privacy Threshold Analysis/Privacy Impact Assessment support, and Plan of Action and Milestones (POA&M) management
  • Implement security controls in accordance with the NIST Cybersecurity Framework and NIST SP 800-53, and remediate identified vulnerabilities and compliance findings
  • Design and implement secure architecture patterns — secure API design, authentication/authorization, input validation, encryption, secure logging and monitoring (SIEM), and secure error/session/configuration management
  • Develop and maintain metrics, dashboards, and reporting to track application security posture, threat trends, and remediation progress over time
  • Support the development and management of Interagency Security Agreements (ISA), security playbooks, and incident response in accordance with current cybersecurity policies
  • Collaborate with application developers, data engineers, systems engineers, and OIS to identify and mitigate vulnerabilities, and provide expert security consultation to development teams
  • Assist in FedRAMP certification activities and the assessment/remediation of independent penetration testing results, as applicable

Benefits

  • Generous and flexible time-off policy
  • Flexible work schedules and telework options, including remote work availability for eligible projects
  • Career development opportunities including a mentorship program, technical and management training through Dev University, hands-on learning through DevLab, tuition reimbursement, and paid training opportunities
  • Industry-leading benefits including a choice of two health plans that include dental and vision, flexible spending account, commuter benefits, life insurance, and more
  • 401K matching with a 5% matching contribution
  • Regular team and company social events including our annual party, happy hours, fitness challenges, and more
  • A focus on community engagement including company wide support activities, employer match for donations, and time off for volunteer efforts