Lead Security Engineer

Onyx Government Services, LLC
Suitland, MD
Onsite

About The Position

We are seeking a Subject Matter Expert (SME)–level Lead Security Engineer to lead application security across a large-scale, cloud-native federal modernization program supporting the U.S. Census Bureau’s Decennial Transformation and Application Modernization (DTAM) effort. This role provides technical and management leadership on major security tasks, embedding security into every phase of the System Development Life Cycle (SDLC) using a DevSecOps methodology. The ideal candidate will architect and enforce Zero Trust principles, drive Authorization to Operate (ATO) activities, and direct application security testing, threat modeling, and vulnerability remediation across a System of Systems (SoS). This position interfaces with senior Government stakeholders and the Office of Information Security (OIS), and decision-making and domain knowledge may have a critical impact on overall program implementation. May supervise others.

Requirements

  • Demonstrated expertise integrating security into a DevSecOps SDLC, including CI/CD security gates and automated security testing
  • Hands-on experience implementing Zero Trust Architecture and applying NIST SP 800-53 controls and the NIST Cybersecurity Framework
  • Proven experience leading vulnerability assessments, penetration testing, and threat modeling for enterprise applications
  • Experience supporting the ATO lifecycle and managing POA&Ms, security artifacts, and evidence collection
  • Bachelor’s Degree in Information Technology, Computer Science, Cybersecurity, or a related field
  • 15+ years of relevant IT/cybersecurity experience, providing technical and management leadership on major tasks or technology assignments (SME level)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)

Nice To Haves

  • Experience generating Software Bill of Materials (SBOMs) and implementing software supply-chain security controls
  • Familiarity with SIEM deployment, container/image hardening, and secure baseline configuration
  • Experience in large-scale, multi-cloud federal environments and FedRAMP processes
  • Strong analytical, problem-solving, written, and verbal communication skills, including the ability to brief senior Government stakeholders

Responsibilities

  • Lead application security across a large-scale, cloud-native federal modernization program.
  • Provide technical and management leadership on major security tasks.
  • Embed security into every phase of the System Development Life Cycle (SDLC) using a DevSecOps methodology.
  • Architect and enforce Zero Trust principles.
  • Drive Authorization to Operate (ATO) activities.
  • Direct application security testing, threat modeling, and vulnerability remediation across a System of Systems (SoS).
  • Interface with senior Government stakeholders and the Office of Information Security (OIS).
  • May supervise others.