Senior Security Risk Management Engineer

Washington, DC, US • Posted 6 hours ago • Updated 6 hours ago
Full Time
On-site

Job Details

Skills

  • Recruiting
  • Proposal Writing
  • Bridging
  • IT Management
  • Security Architecture
  • Risk Analysis
  • Security Engineering
  • Management
  • RMF
  • Documentation
  • Risk Assessment
  • Vulnerability Assessment
  • Authorization
  • Decision-making
  • Reporting
  • Leadership
  • Cloud Security
  • Corrective And Preventive Action
  • Auditing
  • Interfaces
  • Information Security
  • Regulatory Compliance
  • FISMA
  • Integrated Circuit
  • Internal Communications
  • IC
  • Cloud Computing
  • Risk Management
  • Continuous Monitoring
  • NIST SP 800 Series
  • Security Controls
  • Risk Management Framework
  • CISM
  • SAP GRC
  • Continuous Integration
  • ISO 9000
  • GSA
  • Information Technology
  • Software Development
  • System Integration
  • Data Management
  • Project Management
  • Cyber Security
  • Training
  • Audiovisual
  • AV
  • Sustainability
  • Health Insurance
  • Testing
  • Military
  • Law
  • Human Resources
  • Inspection
  • PDF
  • DICE
  • Log Management
  • Security Clearance
  • Screening

Summary

Dexian Government Solutions is recruiting for a Senior Security Risk Management Engineer to support our proposal effort for the DHS CIETS in the DC Metro area.

Position Overview:

Serves as the senior technical lead for Risk Management Framework (RMF) implementation, Assessment & Authorization (A&A), security control implementation, enterprise risk analysis, and cybersecurity compliance engineering. This position bridges the gap between cybersecurity engineering, governance, and authorization activities, ensuring systems achieve and maintain authorization while managing risk across the DHS I&A enterprise.

The Senior Security Risk Management Engineer provides technical leadership for:
  • Risk Management Framework (RMF) execution
  • Assessment & Authorization (A&A)
  • Security control implementation
  • Security architecture risk analysis
  • Continuous Monitoring (ConMon)
  • Risk assessment and mitigation
  • Authorization package development
  • Security engineering support to system owners

The position serves as the senior technical advisor helping DHS I&A understand, document, assess, and manage cybersecurity risk across classified and unclassified environments.

Job Duties:

RMF and Authorization Support, the engineer shall:
  • Lead execution of RMF activities across assigned systems.
  • Develop and maintain authorization documentation.
  • Support ATO, ATC, and ongoing authorization activities.
  • Ensure security controls are properly implemented and documented.
  • Coordinate with ISSOs, ISSMs, SCAs, and Authorizing Officials throughout the authorization lifecycle.
  • Assist in preparing and maintaining authorization packages.

Security Risk Assessment, the engineer shall:
  • Conduct cybersecurity risk assessments.
  • Analyze technical, operational, and architectural risks.
  • Identify system vulnerabilities and control deficiencies.
  • Evaluate likelihood and impact of identified risks.
  • Develop risk mitigation strategies.
  • Recommend compensating controls and corrective actions.

Security Control Engineering, the engineer shall:
  • Evaluate implementation of NIST, CNSSI, DHS, and Intelligence Community security controls.
  • Validate technical control implementation.
  • Assess effectiveness of security safeguards.
  • Support remediation of control weaknesses.
  • Ensure security requirements are incorporated into system designs and architectures.

Continuous Monitoring Support, the engineer shall:
  • Support continuous monitoring programs.
  • Review vulnerability assessment results.
  • Analyze POA&M status and remediation activities.
  • Monitor ongoing compliance with authorization requirements.
  • Track risk trends and emerging cybersecurity concerns.
  • Support ongoing authorization decision-making.

Enterprise Risk Management, the engineer shall:
  • Support enterprise cybersecurity risk management activities.
  • Evaluate cross-system and enterprise-wide risks.
  • Provide recommendations regarding risk acceptance and mitigation.
  • Support executive risk reporting.
  • Assist Government leadership in understanding aggregate cybersecurity risk.

Engineering Reviews and Technical Assessments, the engineer shall:
  • Conduct technical reviews of system architectures.
  • Assess proposed system changes for security impact.
  • Evaluate cloud security implementations.
  • Support modernization initiatives and technology assessments.
  • Participate in architecture review boards and engineering reviews.

Audit and Compliance Support, the engineer shall:
  • Support OIG, FISMA, JCIP, and other cybersecurity inspections.
  • Provide technical evidence supporting compliance assessments.
  • Respond to audit findings and corrective action requirements.
  • Assist in maintaining audit readiness across the portfolio.

Stakeholder Interaction, the Senior Security Risk Management Engineer routinely interfaces with:
  • Chief Information Security Officer (CISO)
  • Authorizing Officials (AOs)
  • ISSMs
  • ISSOs
  • Security Control Assessors (SCAs)
  • Security Engineers
  • System Owners
  • Cloud Engineering Teams
  • Enterprise Architects
  • Governance and Compliance personnel

Required Qualifications:

The Senior Security Risk Management SME must have at least two (2) years of recent experience in each of the following areas:
  • A&A, FISMA compliance, IC cybersecurity policy and standards, continuous monitoring, CDS, and secure cloud and hybrid engineering, with at least 10 years total of related experience.
  • This individual shall also have experience in emerging and evolving security risk management practices including automating A&A and continuous monitoring activities.
  • The individual should be experienced in applying NIST 800 series and CNSSI 1253 security controls and risk management framework principles and guidance.

Certification Requirements: CISM + CAP or GRC

Clearance Requirements: TS/SCI with CI Polygraph

Company Description

Dexian Government Solutions is an award-winning, ISO 9001:2015 certified, business and GSA contract holder providing diversified Information Technology services to both Civilian and Defense agencies. Services include Software Development, Systems Integration, Data Management, Project Management, Operations & Maintenance, Cybersecurity, and Training and Audio/Visual (AV) Solutions. Dexian Government Solutions has received several recognitions, including rankings on "Top 50 Companies to Watch", Washington Technology's Annual "FAST 50", and Inc. 500's List of "Fastest Growing Private Companies". The Dexian Government Solutions team is comprised of individuals who are dedicated to the success and sustainability of our customers and their missions. Our combination of technical expertise, big business experience, and small business agility allows us to promptly provide our customers with exceptional IT and engineering solutions.

Benefits

Our robust benefits package includes Open Paid Time Off, 11 Federal Paid Holidays & 5 Paid Sick Days, Company-paid Life/AD&D, Company-paid Short Term and Long-Term Disability, Health Insurance with Company Contribution, 401k Plan with Company Match, Employee Recognition Program, opportunity for Employee Referral Bonus, opportunity for annual Performance Bonus and much more!

EEO Statement

Dexian Government Solutions is proud to be an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All employment is decided based on qualifications, merit, and business need.

All applicants will be considered for employment without attention to race, religion, color, national origin, ancestry, physical or mental disability, medical condition, pregnancy (including childbirth, lactation and related medical conditions), marital status, genetic information (including characteristics and testing), gender, sexual orientation, gender identity or expression, military and veteran status, or any other status protected under federal, state, or local law in the locations where we operate.

If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact Human Resources. The Company invites any applicant and/or employee to review the Company's written Affirmative Action Plan. This plan is available for inspection upon request.

This role requires an active Top Secret Security Clearance, customer approval, and successful completion of a pre-employment background screening.
  • Dice Id: 10293745
  • Position Id: 4129170