About The Position

The Security Engineer - Continuous Diagnostics and Mitigation (CDM) is responsible for designing, implementing, integrating, and maintaining enterprise CDM capabilities to provide continuous visibility into cybersecurity risk, asset posture, and compliance. This role supports federal cybersecurity objectives by deploying and operating CDM tools and dashboards, integrating security data sources, and enabling real-time risk awareness across on-premises and cloud environments. The Security Engineer works closely with cybersecurity operations, system owners, and compliance teams to improve situational awareness, support risk-based decision-making, and ensure alignment with federal cybersecurity standards and mandates.

Requirements

  • U.S. Citizenship is required
  • Must be able to obtain a Public Trust
  • This position is primarily remote, but it requires the ability to attend occasional meetings in DC, MD, VA, WV, NJ, and OK as needed
  • Bachelor's degree in Computer Science, Cybersecurity, Engineering, Information Systems, Mathematics, Technology, or related IT field
  • 6+ years of experience in cybersecurity engineering, security operations, or risk management roles.
  • One or more industry-recognized certifications required, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified Authorization Professional (CAP), CompTIA Security+, or other equivalent IT or cybersecurity certifications
  • Demonstrated experience supporting or implementing CDM program capabilities within federal or regulated environments.
  • Experience implementing and operating CDM program tools, including capabilities across: Asset Management (HWAM, SWAM); Identity and Access Management (IdAM); Vulnerability Management; Event Management; Network and Data Protection
  • Experience integrating CDM components such as: vulnerability scanners, endpoint security tools, IAM solutions, network security tools
  • Experience supporting or integrating with CDM dashboards, data feeds, and agency or federal-level reporting.
  • Configure, manage, and tune security controls including: Firewalls, IDS/IPS, endpoint protection, encryption, and network security controls
  • Perform patch management and vulnerability remediation aligned with CIS Benchmarks, DISA STIGs, and SCAP.
  • Monitor security posture, vulnerabilities, and configuration compliance across enterprise environments.
  • Respond to security incidents, vulnerabilities, and emerging threats; support investigations and impact assessments.
  • Experience securing cloud environments (AWS, Azure, GCP) using: Zero Trust Architecture (ZTA) principles; cloud-native security controls, CSPM, CASB, and encryption
  • Support implementation of IAM, PAM, and RBAC controls aligned with Zero Trust objectives.
  • Assess, develop, and implement security policies and procedures aligned with: NIST RMF, FISMA, FedRAMP, ISO 27001, and DoD STIGs
  • Conduct security risk assessments, control effectiveness reviews, and gap analyses.
  • Support preparation and maintenance of: System Security Plans (SSPs); Security Control Assessments (SCAs); Authorization to Operate (ATO) packages; Plans of Action & Milestones (POA&Ms), including remediation tracking
  • Ensure compliance with federal regulations, industry standards, and organizational policies.
  • Support internal and external audits and certification activities.
  • Develop scripts using Python, PowerShell, and/or Bash to automate security data collection, analysis, and reporting.
  • Integrate CDM tools and security platforms using APIs and automation frameworks (e.g., Ansible, Terraform, cloud-native tools).
  • Analyze security data to assess risk impact and prioritize remediation efforts.
  • Apply standard and advanced analytical techniques to evaluate security control effectiveness in real-world environments.
  • Analyze cyber threats, vulnerabilities, and misconfigurations across multi-layered architectures.
  • Make data-driven decisions to improve security posture while balancing mission and operational needs.
  • Troubleshoot complex security issues across enterprise IT and cloud environments.
  • Collaborate with cybersecurity operations, system owners, engineers, auditors, and leadership to implement CDM capabilities and security best practices.
  • Communicate security risks, compliance status, and remediation strategies to technical and non-technical stakeholders.
  • Develop security documentation, reports, policies, and procedures supporting CDM and accreditation activities.
  • Support and deliver security awareness and compliance training for stakeholders as needed.
  • Strong organizational, time-management, and multitasking skills.
  • Highly responsive and customer-focused.
  • Extensive understanding of business processes and enterprise IT/security environments.
  • Skilled in facilitation, consultation, and applied problem-solving in complex settings.
  • Excellent written and verbal communication skills.
  • Ability to work with confidential and proprietary information with discretion.
  • Commitment to staying current with emerging threats, technologies, and federal cybersecurity requirements.
  • Continuous Diagnostics and Mitigation (CDM) Program tools supporting: Hardware Asset Management (HWAM), Software Asset Management (SWAM), Identity and Access Management (IdAM), Vulnerability Management, Network and Data Protection, Event Management
  • CDM dashboards and reporting tools, including agency-level and federal-level data feeds
  • Vulnerability scanning tools such as: Tenable (Nessus / Tenable.sc), Qualys, Rapid7
  • Configuration and compliance assessment tools aligned with: DISA STIGs, CIS Benchmarks, SCAP-compliant tools
  • Identity and Access Management (IAM) platforms
  • Privileged Access Management (PAM) solutions
  • Role-Based Access Control (RBAC)
  • Zero Trust Architecture (ZTA) technologies and policy enforcement tools
  • Identity providers and directory services (e.g., Active Directory, Azure AD/Entra ID)
  • Network security technologies including: firewalls; IDS/IPS (e.g., Snort, Suricata); VPNs
  • Endpoint security platforms: Endpoint Detection & Response (EDR); anti-malware and host-based security tools
  • Encryption technologies for data at rest and in transit
  • Cloud platforms: AWS, Azure, and/or GCP
  • Cloud security tools including: Cloud Security Posture Management (CSPM), Cloud Access Security Broker (CASB), cloud-native security services
  • Secure cloud configuration and monitoring aligned with federal standards
  • Security monitoring and analytics platforms (SIEM or CDM-integrated tools)
  • Log aggregation and event correlation technologies
  • REST APIs and data integration mechanisms for CDM feeds
  • Python, PowerShell, and/or Bash for automation, data analysis, and reporting
  • Infrastructure and security automation tools such as: Ansible, Terraform, cloud-native automation services
  • Frameworks and standards: NIST RMF, FISMA, FedRAMP, ISO 27001, DoD STIGs
  • Tools supporting: SSP, SCA, ATO, and POA&M development and tracking; audit and compliance reporting
  • Version control systems such as Git
  • IT service management and ticketing tools (e.g., ServiceNow)
  • Documentation and collaboration platforms (e.g., Confluence, SharePoint)

Responsibilities

  • Designing, implementing, integrating, and maintaining enterprise CDM capabilities
  • Deploying and operating CDM tools and dashboards
  • Integrating security data sources
  • Enabling real-time risk awareness across on-premises and cloud environments
  • Working closely with cybersecurity operations, system owners, and compliance teams
  • Improving situational awareness
  • Supporting risk-based decision-making
  • Ensuring alignment with federal cybersecurity standards and mandates

Benefits

  • comprehensive health, dental, vision, pet, and legal insurance
  • 401(k) retirement matching
  • paid leave
  • paid holidays
  • health and wellness programs
  • employer-paid life and disability insurance
  • professional development
  • education benefits