Senior Applied Security Architect

Koniag Government Services, LLC
Washington, DC
$160,000 - $180,000
Hybrid

About The Position

Koniag Professional Services, LLC, a Koniag Government Services company, is seeking a Senior Applied Security Architect to support KPS and our government customer in Washington, DC. The position is hybrid and requires 3 days onsite. This position requires the candidate to be able to obtain a Public Trust. The Senior Applied Security role provides advanced cybersecurity leadership, technical architecture, and compliance oversight for systems, workflows, and data supporting the DOE Office of Technology Commercialization’s SBIR/STTR programs. This position ensures secure handling of sensitive proposal information, applicant data, and program records; strengthens security-by-design across platforms and tools; and drives continuous monitoring and risk reduction. The senior specialist partners with program managers, IT/security teams, national laboratories, reviewers, and support contractors to design and enforce controls that align with federal requirements and DOE mission needs.

Requirements

  • Bachelor’s degree in computer science, information security, engineering, or a related field.
  • Minimum of 7 years’ experience in applied cybersecurity, security architecture/engineering, or compliance in federal or regulated environments.
  • Proven experience designing and implementing security controls for cloud and hybrid systems (e.g., identity, encryption, logging, IR).
  • Hands-on experience with vulnerability assessment tools, SIEM/monitoring, endpoint protection, and configuration management.
  • Strong understanding of data protection for sensitive and personal information; experience operationalizing privacy/security requirements.
  • Excellent written and verbal communication skills, including developing policies, standards, and leadership briefings.
  • Demonstrated ability to lead cross-functional teams, manage complex initiatives, and drive remediation through to completion.
  • Proficiency with security frameworks and control baselines; ability to translate requirements into practical, auditable implementations.
  • U.S. citizenship and ability to meet federal suitability requirements if needed.

Nice To Haves

  • Experience supporting DOE or other federal research/innovation programs, including SBIR/STTR environments.
  • Familiarity with federal cybersecurity frameworks and standards (e.g., NIST SP 800 series, FISMA), cloud security best practices, and zero trust principles.
  • Experience protecting proposal/intellectual property workflows, applicant portals, data lakes, and analytics/reporting platforms.
  • Certifications such as CISSP, CCSP, CISM, CASP+, or GIAC (e.g., GSEC, GCCC, GCIH).
  • Knowledge of secure DevSecOps practices, automation, infrastructure as code, and compliance-as-code approaches.
  • Background in energy sector technologies or scientific R&D environments.

Responsibilities

  • Lead security architecture and design for SBIR/STTR program systems, data flows, and integrations (on-prem, cloud, and hybrid).
  • Develop and maintain security policies, standards, and procedures for identity, access, data protection, logging, and incident management.
  • Oversee risk assessments, threat modeling, vulnerability management, and remediation planning; maintain POA&Ms and drive closure.
  • Implement and optimize controls for safeguarding sensitive information (e.g., proposal data, PII), including encryption, tokenization, and DLP.
  • Coordinate security compliance activities, mapping controls to applicable federal frameworks and DOE requirements; support ATO packages.
  • Establish secure workflows for solicitation development, proposal intake/review, portfolio tracking, reporting, and outreach platforms.
  • Design and manage role-based access, least privilege models, and privileged access management for SBIR/STTR stakeholders.
  • Implement continuous monitoring, log aggregation/SIEM use cases, alert tuning, and metrics dashboards for leadership visibility.
  • Lead incident response planning, tabletop exercises, and after-action reviews; ensure timely reporting and corrective actions.
  • Evaluate third-party tools and vendors used for program operations; conduct security due diligence and integration hardening.
  • Provide senior technical guidance and coaching to program and contractor teams; deliver security training and awareness sessions.
  • Drive process improvements that enhance security posture, reduce operational risk, and improve user experience without compromising controls.

Benefits

  • health, dental and vision insurance
  • 401K with company matching
  • flexible spending accounts
  • paid holidays
  • three weeks paid time off