Senior Cyber Security Engineer

Constellis•Washington, DC

3h•Onsite

About The Position

We are seeking a hands-on Senior Cyber Security Engineer to lead the security architecture, compliance, and DevSecOps implementation for the LEXSO platform. The Senior Cyber Security Engineer will bridge the gap between "Compliance" and "Engineering." You will not just audit the system—you will help build it securely. This role is responsible for achieving Authority to Operate (ATO) under DoD Risk Management Framework (RMF) standards among other federal certifications while embedding security automation directly into our CI/CD pipelines. You will work side-by-side with backend and frontend engineers to harden the microservices architecture against evolving threats.

Requirements

8+ years of experience in Cyber Security Engineering or DevSecOps.
Proven track record of achieving ATO (Authority to Operate) for a software system in a DoD/Federal environment
Hands-on experience with RMF, NIST 800-53, and DISA STIGs
Proficiency in scripting languages (Python, Bash) for automation (This is a coding role, not just an auditing role)
Experience with vulnerability scanning tools (ACAS/Nessus, SonarQube, Burp Suite)
Strong knowledge of Linux Security (SELinux, iptables, hardening)
Experience with CI/CD tools (GitLab CI, Jenkins) and Container Security (Docker/K8s)
Certifications (Must meet DoD 8570 IAT Level II/III): CISSP, CASP+, or Security+ CE (Required)
Active Secret Security Clearance
Bachelor’s degree in Computer Science, Cyber Security, or related technical discipline.

Nice To Haves

Experience securing cloud environments (AWS GovCloud / Azure Government)
Experience with FedRAMP authorization processes
Familiarity with "Zero Trust" architecture principles
Previous experience as a Software Developer before moving into Security

Responsibilities

Lead the technical execution of the RMF process to achieve and maintain Authority to Operate (ATO) for the LEXSO platform
Implement security controls in accordance with NIST SP 800-53 and DoD SRG/STIGs
Generate and maintain artifacts required for eMASS, including SSPs, POAMs, and SARs
Conduct self-assessments using ACAS (Nessus) and SCAP Compliance Checker (SCC) to identify vulnerabilities
Integrate automated security testing (SAST/DAST) tools (e.g., SonarQube, OWASP ZAP) into the GitLab/GitHub CI/CD pipeline
Develop scripts (Python, Bash, Ansible) to automate patching and configuration management for Linux (RHEL/Ubuntu) servers
Implement Container Security scanning for Docker/Kubernetes environments to detect vulnerabilities before deployment
Enforce "Security as Code" principles using Terraform or Helm charts
Analyze vulnerability scan results and write the code/scripts to remediate findings (e.g., fixing SSH configurations, patching libraries, hardening NGINX)
Harden APIs and microservices by implementing secure authentication (OAuth2/JWT/mTLS) and encryption standards (FIPS 140-2)
Respond to zero-day threats and CVEs by rapidly deploying hotfixes to the production environment
Conduct threat modeling sessions with the engineering team to identify attack vectors in the multi-sensor architecture
Design and implement secure logging and auditing pipelines (ELK Stack/Splunk) to meet audit requirements
Advise on the secure architecture for integrating third-party sensors (LiDAR, Radar) and IoT devices