The Senior Security Engineer will be responsible for designing, implementing, and maintaining cybersecurity solutions to protect mission applications and IT infrastructure. This role ensures compliance with DoD and Intelligence Community (IC) security requirements while enabling operational effectiveness through secure system engineering and continuous monitoring.
The candidate will act as a key contributor to cybersecurity architecture, Risk Management Framework (RMF) compliance, and DevSecOps integration within highly classified environments.
Key Responsibilities
Cybersecurity Engineering
- Design, implement, and maintain security controls for mission systems across cloud and on-prem environments.
- Engineer solutions for network, endpoint, application, and data protection.
- Support secure system architecture aligned with DoD and IC directives.
RMF & Compliance
- Lead and support Risk Management Framework (RMF) activities:
- System categorization, control selection, implementation, assessment, and authorization
- Ensure compliance with:
- NIST SP 800-53
- ICD 503
- DoD Cloud SRG
- Develop and maintain security documentation (SSPs, POA&Ms, SARs).
Security Assessment & Authorization
- Coordinate with Authorizing Officials (AOs), ISSOs, and ISSMs.
- Conduct and support:
- Security control assessments
- Vulnerability assessments and penetration testing remediation
- Support continuous ATO (cATO) processes.
DevSecOps Integration
- Integrate security controls into CI/CD pipelines.
- Implement automated security scanning tools:
- SAST, DAST, container scanning, IaC security
- Support secure software development lifecycle (SSDLC) practices.
Vulnerability Management
- Monitor and remediate vulnerabilities using tools such as:
- Analyze findings and prioritize mitigation strategies.
- Maintain compliance with vulnerability remediation timelines.
Identity & Access Management (IAM)
- Implement ICAM solutions supporting:
- Role-Based Access Control (RBAC)
- Privileged Access Management (PAM)
- Support multi-factor authentication (MFA) and Zero Trust principles.
Incident Response & Monitoring
- Support security incident detection, analysis, and response.
- Work with Security Operations Center (SOC) teams.
- Implement and maintain monitoring tools (e.g., SIEM solutions like Splunk, ELK).
Required Qualifications
- Education: Bachelor’s degree in Cybersecurity, Computer Science, or related field.
- Experience:
- 8+ years in cybersecurity engineering or related roles
- Experience supporting DoD or IC environments
- Strong understanding of system security engineering principles.
Security Clearance
- Active Top Secret (TS) clearance required
- SCI eligibility required (TS/SCI preferred)