Senior Security Engineer

Aalyria
$170,000 - $200,000
Hybrid

About The Position

We are looking for an experienced Senior Security Engineer to join our team. The ideal candidate is a skilled infrastructure and cloud security professional who can own cloud and network security, compliance operations, and identity systems for our products and environments. You will serve as the technical security expert responsible for securing our cloud infrastructure, network architecture, and access control systems supporting defense and federal customers. This role requires a security professional with deep experience in cloud infrastructure, network security, and federal compliance frameworks. You will work closely with the Director of Security & IT to secure our cloud environments and systems in alignment with CMMC L2, FedRAMP, and NIST 800-171 requirements.

Requirements

  • 5+ years of experience in cloud infrastructure security, network security, or IT systems engineering with a security focus
  • Hands-on experience securing cloud environments in GCP, AWS, or Azure, including networking, IAM, and logging controls (GCP strongly preferred)
  • Demonstrated experience designing and managing cloud network security controls: firewalls, security groups, VPC/VNet architecture, and traffic inspection
  • Proficiency with next-generation firewalls (e.g., Palo Alto, Fortinet, or cloud-native equivalents) including policy management and traffic analysis
  • Working knowledge of PKI concepts, certificate lifecycle management, and cryptographic protocols (TLS, mTLS, FIPS 140-2/3)
  • Hands-on experience implementing and managing IAM, PAM, MFA, RBAC, and SSO systems in enterprise or federal environments
  • Direct experience implementing technical controls for CMMC L2, FedRAMP, or NIST 800-171 compliance programs
  • Strong understanding of zero trust architecture principles and practical implementation across hybrid environments
  • Experience with SIEM platforms, log aggregation, and security monitoring for infrastructure and network event data
  • Excellent communication skills with ability to explain security architecture and compliance posture to both technical teams and leadership

Nice To Haves

  • Active Secret or Top Secret clearance, or ability to obtain
  • Experience designing and operating PKI infrastructure at scale, including enterprise or government CA hierarchies
  • Familiarity with FIPS 140-2/140-3 validated cryptographic modules and their deployment in federal environments
  • Experience with cloud security platforms such as Wiz, AWS Security Hub, GCP Security Command Center, or Azure Defender
  • Proficiency with infrastructure-as-code tools (Terraform, Ansible) for automating security configurations and compliance baselines
  • Knowledge of DISA STIGs, CIS Benchmarks, and hardening standards for Linux, Windows, and cloud platforms
  • Experience with network access control (NAC), SD-WAN, or SASE platforms in enterprise or federal environments
  • Background in IT systems engineering, network engineering, or systems administration with a transition to security
  • Familiarity with hardware security modules (HSMs) and their integration into PKI or secrets management workflows
  • Security certifications such as CISSP, CCSP, CompTIA Security+, GCP Professional Cloud Security Engineer, or equivalent

Responsibilities

  • Design, implement, and manage secure cloud networking architectures including VPCs, subnets, peering, and transit gateways across GCP, AWS, or Azure
  • Configure and maintain cloud-native firewall rules, security groups, network ACLs, and perimeter controls to enforce least-privilege traffic policies
  • Implement and manage cloud security posture management (CSPM) tooling and continuously remediate misconfigurations across cloud environments
  • Design and operate network segmentation and micro-segmentation strategies aligned with zero trust architecture principles
  • Manage and harden cloud IAM, including role definitions, service account policies, privileged access controls, and just-in-time access
  • Manage next-generation firewall (NGFW) platforms, including policy development, rule lifecycle management, and traffic inspection configurations
  • Implement and maintain IDS/IPS, DNS security, and network monitoring solutions to detect and respond to threats
  • Design and enforce network access control (NAC) policies and segmentation for both cloud and on-premises environments
  • Conduct regular firewall rule reviews and access path analysis to identify and remediate overly permissive configurations
  • Design, implement, and operate PKI infrastructure including certificate authorities, certificate lifecycle management, and trust store management
  • Manage certificates for device identity, mutual TLS (mTLS), VPN authentication, and code signing in compliance with federal requirements
  • Administer and enforce access control policies across identity providers (IdPs), directory services (Active Directory / LDAP), and SSO platforms
  • Implement and maintain multi-factor authentication (MFA), privileged access management (PAM), and role-based access control (RBAC) systems
  • Ensure cryptographic implementations meet FIPS 140-2/140-3 requirements and federal standards
  • Implement and maintain technical controls mapped to CMMC Level 2, FedRAMP, and NIST 800-171 control families
  • Develop and manage system security plans (SSPs), security assessment reports (SARs), and plans of action and milestones (POA&Ms)
  • Conduct continuous monitoring, log review, and evidence collection to support compliance audits and third-party assessments
  • Perform risk assessments and vulnerability management across cloud and on-premises infrastructure in accordance with NIST RMF
  • Maintain configuration baselines and enforce hardening standards (DISA STIGs, CIS Benchmarks) across systems and cloud resources
  • Maintain and tune SIEM integrations, security logging pipelines, and alerting rules for cloud and network infrastructure
  • Manage endpoint detection and response (EDR) and vulnerability scanning tools across the infrastructure fleet
  • Build and maintain automation for compliance evidence collection, configuration auditing, and security reporting
  • Document security architecture, network diagrams, access control matrices, and

Benefits

  • 401(k)
  • dental
  • vision
  • health
  • life insurance
  • paid time off
  • equity options
  • professional development
  • flexible working arrangements