OverviewLMI is seeking a skilled
Information System Security Engineer (ISSE) with hands-on experience in AWS cloud security to provide advanced cybersecurity engineering and Risk Management Framework (RMF) support for Department of Defense (DoD) cloud-based systems. This position focuses on designing, implementing, and maintaining secure AWS environments aligned with DoD Cloud Computing Security Requirements Guide (CC SRG), NIST SP 800-53, and DISA STIGs/SRGs to support Authorization to Operate (ATO) efforts.
LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed.
Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government, efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors-helping agencies navigate complexity and outpace change. Headquartered in Tysons, Virginia, LMI is committed to delivering impactful results that strengthen missions and drive lasting value.
This position can be remote but requires quarterly travel for planning increments.This position requires an active SECRET clearance; TS/SCI preferred.Responsibilities- Architect and manage robust access control strategies using AWS Identity and Access Management (IAM), enforcing the principle of Least Privilege across all roles and users.
- Implement encryption and key management solutions using AWS Key Management Service (KMS) and related tools to protect data at rest and in transit, aligning with DoD data classification standards.
- Deploy and configure native AWS security services (e.g. GuardDuty, Security Hub, Inspector, and Config) to provide continuous threat detection, compliance monitoring, and automated remediation.
- Collaborate with network teams to secure VPCs using AWS Network Firewall, WAF, and hybrid connectivity solutions (Direct Connect, VPN) within a GovCloud environment.
- Lead technical implementation and validation of NIST SP 800-53 and DoD CC SRG controls to achieve and maintain ATO.
- Serve as a technical SME for RMF documentation and artifact generation within eMASSor other DoD compliance systems.
- Design, test, and implement DISA STIG/SRG-based configuration hardening across AWS services, operating systems, and containerized workloads.
- Conduct continuous vulnerability scanning and monitoring using DoD-approved tools (ACAS/Nessus), coordinating remediation and risk mitigation activities.
- Integrate security into CI/CD pipelines using Infrastructure-as-Code (IaC) tools such as Terraform or CloudFormation to automate compliance and security controls.
- Build and maintain centralized, compliant logging architectures using Splunk, Elastic, or equivalent SIEM platformsto ensure event visibility and retention per DoD policy.
- Participate in incident response activities for cloud-based threats, performing forensic analysis and recommending corrective actions.
- Collaborate with DoD stakeholders, system owners, and developers to embed security throughout the system lifecycle and support RMF accreditation efforts.
Qualifications- Active SECRET clearance required; TS/SCI preferred
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience)
- 3-5+ years of experience in information security, with at least 3 years focused on AWS cloud security engineering
- Deep experience with DoD RMF, NIST SP 800-53, DoD CC SRG, and DISA STIG/SRG compliance frameworks
- Strong hands-on expertise with AWS security services (IAM, KMS, GuardDuty, Security Hub, Config)
- Experience with Docker, Kubernetes, and system hardening for Linux/Windows environments
- Proficiency in IaC tools (Terraform, CloudFormation) for managing and enforcing security policies
- Familiarity with ACAS/Nessus, continuous monitoring, and vulnerability management processes
- Experience integrating security within DevSecOps and CI/CD workflows
- Certifications:
- DoD 8570/8140-M compliant (e.g., CISSP, CASP+, CISM) - required
- AWS Certified Security - Specialty - highly preferred
- Kubernetes certification (CKS/CKA) - a plus
Target Salary Range: $90,270.00 - $155,037.00
Disclaimer: The salary range displayed represents the typical salary range for this position and is not a guarantee of compensation. Individual salaries are determined by various factors including, but not limited to location, internal equity, business considerations, client contract requirements, and candidate qualifications, such as education, experience, skills, and security clearances.
OptionsApply for this job onlineApply
Share
Email this job to a friendRefer
Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed
LMI is an Equal Opportunity Employer. LMI is committed to the fair treatment of all and to our policy of providing applicants and employees with equal employment opportunities. LMI recruits, hires, trains, and promotes people without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, disability, age, protected veteran status, citizenship status, genetic information, or any other characteristic protected by applicable federal, state, or local law. If you are a person with a disability needing assistance with the application process, please contact
Colorado Residents: In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.
Need help finding the right job? 
Never miss an opportunity! Create an alert based on the job you applied for.