Security Engineer

About The Position

Requirements

• Active TS/SCI with Polygraph
• Bachelor's degree or higher in Cybersecurity, IT, or related field and 5+ years' experience in Cybersecurity in federal or IC environments OR Masters and 3+ years of experience in Cybersecurity in federal or IC environments
• Strong Knowledge of NIST RMF (800-37), NIST 800-53 controls, and FedRAMP requirements
• At least one of the following certifications: CISM or CISA, CompTIA Security+ (baseline), Certified Authorization Professional (CAP), CCSP (cloud security)
• Experience in the following tools: NIST 800-53, RMF, FedRAMP, ICD 503, ServiceNow GRC, Splunk, AWS GovCloud, Azure

Nice To Haves

• Experience with cloud-native security tools
• Knowledge of Zero Trust Architecture
• Experience with cross-domain solutions
• Familiarity with DevSecOps pipelines in regulated environments

Responsibilities

• Lead and support FedRAMP Moderate/High and IC ATO authorization efforts, ensuring compliance with NIST RMF, NIST 800-53, NIST 800-37, FedRAMP, and ICD 503 requirements.
• Conduct risk assessments, security control assessments, gap analyses, and security architecture reviews to identify and mitigate cybersecurity risks.
• Manage the full Risk Management Framework (RMF) lifecycle, including system categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
• Develop and maintain security documentation such as SSPs, SARs, POA&Ms, and control traceability artifacts, while tracking remediation activities.
• Execute Continuous Monitoring (ConMon) programs through vulnerability assessments, compliance reviews, security control validation, and reporting.
• Lead vulnerability management activities using tools such as Nessus, ACAS, SCAP, and STIG Viewer, validating remediation and coordinating risk mitigation efforts.
• Support Security Operations and Incident Response, including threat monitoring, alert analysis, incident investigations, root cause analysis, and coordination with SOCs and government stakeholders.
• Design and assess security controls for AWS GovCloud, Azure Government, and other government cloud environments, implementing IAM, encryption, logging, and least-privilege access controls.
• Integrate security into DevSecOps and CI/CD pipelines through automated security testing, vulnerability scanning, compliance validation, and Infrastructure-as-Code security practices.
• Support audits and assessments, including 3PAO reviews, FedRAMP assessments, agency ATO reviews, and IG audits, while preparing evidence and coordinating with auditors and assessors.
• Administer and utilize governance, compliance, monitoring, and vulnerability management tools such as ServiceNow GRC, Splunk, and Azure.
• Collaborate with developers, engineers, cloud architects, ISSOs/ISSMs, compliance teams, and government stakeholders to provide cybersecurity guidance throughout system development and operations.
• Contribute to security governance, policy development, cybersecurity program maturity, and organizational security culture, while mentoring junior staff and promoting risk-informed decision-making.