Senior Data Security Engineer

About The Position

Requirements

• Must hold a current Top-Secret clearance and be SCI eligible.
• Bachelor’s degree in computer science, Information Systems, Cybersecurity, or related field (Equivalent experience acceptable in lieu of a degree)
• Minimum 7 years of experience in enterprise data security for a DoD organization. Additional years of experience may be used in place of Education requirement.
• DoDM 8570 IAT III: e.g. CISSP-ISSEP (Information Systems Security Engineering Professional) OR CISSP.
• DoD 8140 Compliance.
• Extensive experience acting as an Architect or Lead Engineer for large-scale DoD or Federal enterprise security transformations.
• Deep expertise in Zero Trust Architecture principles, specifically Data Object-Level Protection (DOLP) and Attribute-Based Access Control (ABAC).
• Proven experience designing architectures that utilize Microsoft Purview (Information Protection/DLP) and Digital Rights Management (DRM) technologies (e.g., Kiteworks, Virtru).
• Ability to design security solutions for Disconnected, Degraded, Intermittent, and Limited Bandwidth (DDIL) and air-gapped environments.

Nice To Haves

• DoD 8570 Compliance: IASAE II requirements
• Master’s degree in computer science, Information Systems, Cybersecurity, or related field
• One or more Cloud/Zero Trust Architecture certifications (e.g., CCSP, Microsoft Cybersecurity Architect SC-100).
• Experience with BigID for data discovery and NetApp BlueXP for storage-level classification.
• Knowledge of NIST Internal Report 8112 (Attribute Metadata) and its application to identity-centric security.
• Prior experience supporting USSOCOM mission requirements.
• Strong communication skills with ability to brief senior leadership and interface with stakeholders.
• Ability to lead teams in complex, multi-vendor environments.

Responsibilities

• Enterprise Engineering Strategy: Serve as one of the Technical Authorities for the Data Pillar, defining and executing the high-level engineering tasks for data discovery, classification, and protection across NIPR, SIPR, and Top-Secret networks.
• Metadata & Taxonomy Design: Define and enforce the enterprise data taxonomy and metadata schemas (specifically adhering to NIST 8112) to standardize how "Trust Attributes" (Pedigree, Verifier, Assurance Level) are ingested and utilized for ABAC decisions.
• Cross-Enclave Integration: Ensure architectural consistency between the cloud-native NIPR stack (Microsoft Purview/Sentinel) and the on-premises SIPR/Top Secret stacks (BigID, Kiteworks, NetApp BlueXP), ensuring policy logic remains uniform even when tools differ.
• ABAC & Identity Integration: Design the integration points between the Data Pillar and the ICAM Pillar, defining the requirements for how User Attributes from SailPoint and Entra ID are consumed by Policy Decision Points (PDPs) like Kiteworks and Purview.
• Standards & Compliance: Lead the development of System Design Documents (SDDs) and validate that all architecture aligns with the USSOCOM Zero Trust Reference Architecture and DoD 8140/8570 compliance requirements.

Benefits

• A culture of integrity. At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.
• An environment of trust. CACI values the unique contributions that every employee brings to our company and our customers - every day. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.
• A focus on continuous growth. Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy.
• healthcare
• wellness
• financial
• retirement
• family support
• continuing education
• time off benefits