Senior Cybersecurity Engineer

About The Position

Requirements

• Bachelor's degree and 5 years of related experience.
• 5 years of experience supporting compliance or cybersecurity reporting (e.g., FISMA, RMF) required.
• 5 years of experience implementing and validating NIST SP 800-53 controls within systems
• 3 years of experience supporting RMF and ATO processes (hands-on with control implementation, not just documentation)
• 2 years of experience with continuous monitoring strategies and tools (e.g., Splunk, Elastic, Tenable, CDM)
• 2 years of experience working with system architectures, data flows, and security integration points
• 1 years of experience with RMF artifacts (SSP, SAR, POA&M) and how they map to system implementations
• Must be able to obtain DHS Suitability(EOD) and have active Secret or above clearance

Nice To Haves

• Strong communication and collaboration skills to engage both technical and non-technical stakeholders.
• Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
• Ability to clearly communicate complex technical concepts to technical and non-technical POCs.
• Experience enabling or supporting cATO / ongoing authorization models
• Scripting or automation experience (Python, APIs, infrastructure-as-code)
• Experience with DevSecOps / CI/CD pipeline security integration
• Understanding of policy-as-code / compliance automation approaches
• Experience in DHS CDM environments
• Excellent organizational skills and attention to detail.
• Strong analytical, critical thinking, and problem-solving skills.

Responsibilities

• Integrate security controls (NIST SP 800-53) into system architectures, applications, and infrastructure as part of the SDLC
• Engineer and implement technical control solutions (identity, logging, vulnerability management, configuration enforcement)
• Perform control implementation and validation, ensuring controls are operating as intended within the system
• Support RMF lifecycle activities (categorization, control selection, implementation, assessment, and authorization) with a strong engineering focus
• Design and implement continuous monitoring (ConMon) capabilities that validate control effectiveness using system telemetry
• Enable automated ATO (cATO) by integrating control checks, telemetry, and validation results into ongoing authorization decisions
• Develop machine-testable control assertions and automate validation using scripts, APIs, and security tools
• Generate and maintain RMF artifacts (SSP, SAR, POA&M) through automated data collection and system outputs
• Conduct security engineering analysis of system data flows, architectures, and dependencies to identify risks and control gaps
• Implement and validate compensating controls where standard controls cannot be fully applied
• Support audit readiness and assessments by ensuring traceable, reproducible control evidence
• Collaborate with system owners, developers, and ISSOs to ensure security is built into system changes and deployments

Benefits

• health, dental and vision insurance
• 401(k)
• flexible spending account
• paid leave (including PTO and parental leave)