Security Engineer

GuidehouseAbingdon, VA
18d$98,000 - $163,000
Match Resume

About The Position

Guidehouse is seeking a Security Engineer to join our team. In this role, you will ensure advanced AI-driven platforms meet stringent federal security and compliance requirements, including FedRAMP High, RMF, and NIST standards. Acting as a key liaison between engineering teams and security stakeholders, you will drive risk identification and remediation, support accreditation activities, and deliver secure, resilient solutions that enable trusted decision-making in support of national security objectives. Serves as a core security engineer ensuring the adjudication AI platform meets applicable federal requirements including FedRAMP High, RMF, NIST 800-53, CJIS, and FBI ATO standards. Collaborates with cloud, DevOps, backend, and AI/ML teams to embed secure architecture patterns, validate control implementation, and maintain continuous monitoring readiness across all platform components. Develops RMF documentation, supports POA&M management, conducts vulnerability assessments, ensures secure baseline configurations, and supports accreditation activities. Acts as the liaison between engineering teams and ISSO/security stakeholders, ensuring risks are identified, tracked, and remediated efficiently. Security Engineering & Control Implementation Implement NIST 800-53 and FedRAMP High controls across access management, encryption, monitoring, boundary protection, configuration management, and secure data lifecycle workflows. Validate secure configuration of AWS GovCloud services, EKS clusters, container runtimes, VPC boundaries, IAM policies, and workload identities. Ensure backend APIs, vector stores, retrieval services, LLM inference gateways, scoring engines, and memo-generation modules follow compliant security standards. Embed secure coding, least-privilege access enforcement, input validation, and hardened model-serving workflows across all development teams. RMF, ATO Support & Compliance Documentation Develop and maintain SSPs, CIS statements, boundary diagrams, data-flow diagrams, and continuous monitoring documentation for ATO readiness. Assist with creation, tracking, and remediation of POA&M items, ensuring timely closure of vulnerabilities and deficiencies. Prepare system artifacts for assessments, security testing, authorization reviews, and continuous monitoring updates. Support mapping of AI/ML-specific risks—model outputs, retrieval pathways, data provenance—to RMF controls and ATO expectations. Vulnerability Management & Continuous Monitoring Conduct vulnerability scans (Inspector, ECR scanning, Nessus/Qualys), analyze results, and coordinate remediation with engineering teams. Support patching workflows, baseline enforcement, configuration drift detection, and container/OS hardening processes. Validate CloudTrail, CloudWatch, GuardDuty, Config Rules, and other logging/monitoring systems for compliance with AU, SI, RA, and CM control families. Develop dashboards and reporting for CA-7, RA-5, CM-6, AU-x, and other continuous monitoring requirements. Secure Development, CI/CD & DevSecOps Alignment Integrate SAST, SCA, IaC scanning, container scanning, and dependency verification into DevSecOps workflows. Validate Terraform/CloudFormation templates for alignment with encryption, identity, and GovCloud boundary restrictions. Review API design, authentication flows, model inference endpoints, and data-ingestion pipelines for security gaps or policy violations. Support hardening of LLM workflows, retrieval processes, and document-ingestion operations. Mission Support & Collaboration Work with backend, cloud, AI/ML, and data engineering teams to translate controls into engineering requirements aligned with adjudication workflows. Provide teams with security requirements, engineering checklists, and compliance guidance to accelerate delivery while maintaining security posture. Collaborate with adjudicators, mission SMEs, and operations teams to ensure evidence tracking, audit logging, and data-handling workflows support mission needs.

Requirements

  • Bachelor’s degree or additional four years of experience in lieu of degree.
  • 5+ years of cybersecurity engineering experience, including 3+ years supporting RMF, FedRAMP, CJIS, or ATO systems.
  • Knowledge of NIST 800-53 controls, FedRAMP High requirements, AWS GovCloud security patterns, IAM, encryption (KMS/TLS), logging pipelines, and vulnerability scanning tools.
  • Experience writing ATO documentation, control statements, risk assessments, and boundary artifacts.
  • Strong communication skills supporting collaboration with engineers and mission stakeholders.
  • Must be US Citizen.
  • Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred.

Nice To Haves

  • CISSP, CCSP, Security+, or AWS Security Specialty certifications.
  • Experience securing AI/ML platforms, LLM inference pipelines, retrieval systems, or sensitive-data workloads.
  • Familiarity with adjudication, continuous vetting, or personnel security workflows.
  • Experience with zero-trust architectures, air-gapped deployments, or SCIF-compatible systems.

Responsibilities

  • Serves as a core security engineer ensuring the adjudication AI platform meets applicable federal requirements including FedRAMP High, RMF, NIST 800-53, CJIS, and FBI ATO standards.
  • Collaborates with cloud, DevOps, backend, and AI/ML teams to embed secure architecture patterns, validate control implementation, and maintain continuous monitoring readiness across all platform components.
  • Develops RMF documentation, supports POA&M management, conducts vulnerability assessments, ensures secure baseline configurations, and supports accreditation activities.
  • Acts as the liaison between engineering teams and ISSO/security stakeholders, ensuring risks are identified, tracked, and remediated efficiently.
  • Implement NIST 800-53 and FedRAMP High controls across access management, encryption, monitoring, boundary protection, configuration management, and secure data lifecycle workflows.
  • Validate secure configuration of AWS GovCloud services, EKS clusters, container runtimes, VPC boundaries, IAM policies, and workload identities.
  • Ensure backend APIs, vector stores, retrieval services, LLM inference gateways, scoring engines, and memo-generation modules follow compliant security standards.
  • Embed secure coding, least-privilege access enforcement, input validation, and hardened model-serving workflows across all development teams.
  • Develop and maintain SSPs, CIS statements, boundary diagrams, data-flow diagrams, and continuous monitoring documentation for ATO readiness.
  • Assist with creation, tracking, and remediation of POA&M items, ensuring timely closure of vulnerabilities and deficiencies.
  • Prepare system artifacts for assessments, security testing, authorization reviews, and continuous monitoring updates.
  • Support mapping of AI/ML-specific risks—model outputs, retrieval pathways, data provenance—to RMF controls and ATO expectations.
  • Conduct vulnerability scans (Inspector, ECR scanning, Nessus/Qualys), analyze results, and coordinate remediation with engineering teams.
  • Support patching workflows, baseline enforcement, configuration drift detection, and container/OS hardening processes.
  • Validate CloudTrail, CloudWatch, GuardDuty, Config Rules, and other logging/monitoring systems for compliance with AU, SI, RA, and CM control families.
  • Develop dashboards and reporting for CA-7, RA-5, CM-6, AU-x, and other continuous monitoring requirements.
  • Integrate SAST, SCA, IaC scanning, container scanning, and dependency verification into DevSecOps workflows.
  • Validate Terraform/CloudFormation templates for alignment with encryption, identity, and GovCloud boundary restrictions.
  • Review API design, authentication flows, model inference endpoints, and data-ingestion pipelines for security gaps or policy violations.
  • Support hardening of LLM workflows, retrieval processes, and document-ingestion operations.
  • Work with backend, cloud, AI/ML, and data engineering teams to translate controls into engineering requirements aligned with adjudication workflows.
  • Provide teams with security requirements, engineering checklists, and compliance guidance to accelerate delivery while maintaining security posture.
  • Collaborate with adjudicators, mission SMEs, and operations teams to ensure evidence tracking, audit logging, and data-handling workflows support mission needs.

Benefits

  • Medical, Rx, Dental & Vision Insurance
  • Personal and Family Sick Time & Company Paid Holidays
  • Parental Leave
  • 401(k) Retirement Plan
  • Group Term Life and Travel Assistance
  • Voluntary Life and AD&D Insurance
  • Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts
  • Transit and Parking Commuter Benefits
  • Short-Term & Long-Term Disability
  • Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities
  • Employee Referral Program
  • Corporate Sponsored Events & Community Outreach
  • Care.com annual membership
  • Employee Assistance Program
  • Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)
  • Position may be eligible for a discretionary variable incentive bonus

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

5,001-10,000 employees

Job Search Resources

Similar Security Engineer job opportunities

Security Engineer
Truveta
Truveta • Seattle, WA10d • $115,000 - $140,000 • Onsite
Security Engineer
Astronomer
Astronomer • Austin, TX11d
Security Engineer
Corridor
Corridor • San Francisco, CA11d
Security Engineer
Astronomer
Astronomer • Austin, TX11d • $80,000 - $85,000
Security Engineer
Stefanini Group
Stefanini Group • Kansas City, MO12d • Remote
Security Engineer
Notable
Notable • San Mateo, CA12d • Hybrid
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service