Security Engineer

Overview

Remote
$119,000 - $135,000
Full Time

Skills

DISA STIG
SCAP
Windows
Red Hat
iOS/iPadOS
macOS
SSPs
SARs

Job Details

Work type: Full-time
Location: Remote, local to DC

Job Description:

We're seeking a Security Engineer to lead secure configuration, continuous monitoring, and compliance engineering efforts. You'll drive baseline hardening, risk assessments, and automation across cloud and on-prem systems, ensuring adherence to federal mandates and Zero Trust principles.

Requirements:

  • U.S. Citizenship is required
  • Must be able to obtain a Public Trust
  • This position is primarily remote, but it requires the ability to attend occasional meetings in DC, MD, VA, WV, NJ, and OK as needed

Qualifications and Experience

  • Bachelor's degree in Computer Science, Cybersecurity, Engineering, Information Systems, Mathematics, Technology, or related IT field
  • Minimum 6 years of relevant experience in enterprise security engineering and compliance
  • In-depth understanding of the Continuous Diagnostics and Mitigation program and its phases
  • Proficiency in Zero Trust principles: micro-segmentation, least-privilege access, continuous verification
  • Expertise in the NIST Risk Management Framework (RMF) (SP 800-37/800-53)
  • Familiarity with the Cybersecurity Assessment and Secure Mission (CASM) model
  • Knowledge of FISMA requirements and annual reporting processes
  • Experience applying FedRAMP controls for cloud service providers and managing authorization packages
  • Strong knowledge of DISA STIG and SCAP automation for multiple OS platforms
  • Ability to map organizational controls to CISA CDM dashboard metrics and drive data integrations
  • Excellent communication, documentation, and stakeholder-management skills

Required Skills:

Cloud & Database Platforms

  • MS SQL Server (2019/2022), AWS GovCloud, Azure compliance baselines, AWS RDS, Power Platform & M365 Baselines, SharePoint 2019, Tomcat 9/10

Identity & Access Management

  • Okta, CyberArk EPM & Privileged Access Management, ClearPass, Active Directory

Endpoint & Network Security

  • Tanium, Zscaler, Cisco IOS XE

Configuration Management & Compliance Baselines

  • Belarc, DISA STIG Tools, SCAP, CDM & CSAM tools, POA&M tracking systems, Secure Configuration dashboards

Monitoring & Reporting

  • Power BI, DLP / Information Protection solutions, Risk assessment workflows

Collaboration & Documentation

  • Jira, Enterprise Wiki / KSN portals, Runbook documentation

Responsibilities:

  • Lead Secure Configuration Management baselines for applications, operating systems, databases, network devices, and platforms
  • Conduct Continuous Diagnostics and Mitigation (CDM) program activities: vulnerability management, configuration management, identity & access controls, and incident response
  • Perform risk assessments and manage POA&Ms; oversee Cybersecurity Assessment and Secure Mission (CASM) workflows
  • Implement and automate DISA STIG and SCAP standards across Windows, Red Hat, iOS/iPadOS, macOS, and Chrome environments
  • Design and enforce Zero Trust controls: micro-segmentation, least-privilege access, continuous verification of users, devices, and services
  • Apply NIST RMF (SP 800-37/800-53) controls from system categorization through continuous authorization
  • Facilitate FedRAMP compliance for cloud services; author and maintain SSPs, SARs, and authorization packages
  • Map security controls to CISA CDM dashboard metrics; integrate data into monitoring solutions
  • Collaborate with stakeholders to define baseline exceptions, track remediation progress, and report metrics
  • Maintain documentation in enterprise wiki and compliance portals; manage Jira boards for tasks and exceptions
  • Mentor junior security engineers and coordinate cross-team compliance reviews

Clearance: Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
