Executive Recruiting

Senior Security Engineer

Executive Recruiting - Washington, DC, United States

Location: Washington, DC | (Hybrid - 3 days in office with travel as required)
Clearance: Must be eligible to obtain a DoD security clearance

The Role

We are seeking a Senior Security Engineer to strengthen cloud and software environments, ensuring compliance with U.S. government security standards. This role is critical in securing mission-critical cloud applications and maintaining compliance with federal and defense security requirements. You will lead security hardening initiatives, collaborating with internal teams to develop robust security architectures, automation, and compliance measures. Your contributions will directly impact national security, enhancing our ability to protect sensitive data and operations in defense environments.

What You’ll Do

  • Implement and maintain security controls aligned with FedRAMP, DoD SRG, NIST 800-171 (CMMC), and NIST 800-53.
  • Secure cloud environments, particularly AWS and AWS GovCloud, ensuring compliance with federal security requirements.
  • Automate security processes and conduct vulnerability scanning, penetration testing, and continuous monitoring (ConMon).
  • Perform system security assessments, threat modeling, risk assessments, and incident response planning.
  • Develop and maintain security compliance documentation, including System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and Configuration Management & Incident Response Plans.
  • Collaborate with DoD, FedRAMP PMO, and 3PAO assessors to achieve security authorization.
  • Work closely with engineering teams to integrate security best practices in software development and infrastructure.

What We’re Looking For

Must-Have Experience

  • Cloud Security: Strong experience with AWS & secure workload management (AWS GovCloud experience preferred).
  • ATO Processes: Direct experience working with DoD/3PAO assessors.
  • CMMC Implementation: Hands-on experience with Federal and defense security controls.
  • FedRAMP High Requirements: Understanding of FedRAMP compliance processes.
  • Security Engineering: Expertise in IAM, encryption, SIEM, vulnerability management, and Python scripting (ability to read code).
  • Regulatory Frameworks: Deep familiarity with NIST 800-171, NIST 800-53, RMF, and DoD IL-4/5.
  • Compliance Audits: Experience conducting security assessments and regulatory audits.

Preferred (Not Required)

  • DevSecOps Expertise: Experience with Terraform, Kubernetes, CI/CD security.
  • Infrastructure Background: Strong foundation in IT, security, and cloud environments, particularly within regulated government sectors.

If you are passionate about securing mission-critical infrastructure and want to make a real impact on national security, we’d love to hear from you!

 



Posted On: Thursday, March 20, 2025


