Lead Security Engineer

Revolutional delivers advanced technology solutions and mission support to federal agencies across civilian, health, and national security environments. We apply modern capabilities, including AI/ML, cloud, cybersecurity, and IT modernization to solve complex challenges, enable faster and more secure operations, and drive measurable mission outcomes.

We are redefining how federal technology gets built and delivered by operating with a product mindset, prioritizing speed, ownership, and execution over bureaucracy.

Lead Security Engineer

Location: Suitland, MD (Hybrid)

Terms: Full-time

Clearance/Work Authorization: U.S. Citizenship with the ability to obtain and maintain a Public Trust is required

Travel: 0-20%

Project Description

This position supports Revolutional's federal customer as part of an application transformation and modernization initiative.

This program is driving a large-scale transformation of systems into a data-centric, cloud-native ecosystem capable of supporting high-volume, near real-time data processing and advanced analytics. The work includes modernization of legacy applications, development of new cloud-native solutions, and implementation of DevSecOps and scaled Agile practices across the organization.

The core challenge: orchestrating complex, multi-contractor delivery while transforming both technology and operating models without disrupting mission-critical operations.

Position Description

As a Lead Security Engineer at Revolutional, you will define and drive enterprise security engineering strategy and execution across a large-scale federal modernization program.

You will be responsible for integrating security into every layer of the environment, including applications, APIs, data platforms, cloud infrastructure, CI/CD pipelines, and operational processes. You will work across architecture, engineering, operations, and vendor teams to ensure security is proactive, automated, measurable, and aligned with federal compliance requirements.

This role requires someone who can balance security rigor, operational resiliency, and delivery velocity while supporting secure modernization across complex system-of-systems environments.

Responsibilities

• Provide technical leadership across enterprise security engineering efforts within a large-scale modernization program
• Design and implement security controls across cloud, application, API, data, and infrastructure layers
• Integrate security into DevSecOps pipelines using automated scanning, policy enforcement, CI/CD controls, and security governance practices
• Support Authority to Operate (ATO) processes, POA&M management, continuous monitoring, audit support, and remediation tracking activities
• Ensure compliance with federal security frameworks and standards including NIST 800-53, FedRAMP, FISMA, Zero Trust, MFA, secure SDLC, and federal ATO requirements
• Secure system-of-systems (SoS) environments spanning multiple vendors, contractors, integrated platforms, and distributed architectures
• Implement and govern IAM strategies including RBAC, ABAC, MFA, privileged access management, authentication, authorization, and Zero Trust principles
• Design and support API and microservices security architectures, including secure API design, token-based authentication, and authorization frameworks
• Conduct penetration testing, threat modeling, SAST/DAST scanning, vulnerability assessments, and end-to-end remediation coordination
• Support supply chain security initiatives including Software Bill of Materials (SBOM), dependency risk analysis, and third-party software validation
• Implement security controls supporting encryption, sensitive data protection, PTA/PIA requirements, privacy standards, and secure data handling practices
• Support security operations activities including monitoring, alerting, incident response, root cause analysis, and operational troubleshooting
• Design and maintain dashboards, KPIs, risk reporting, compliance metrics, and security posture reporting
• Develop and maintain security documentation including architecture artifacts, playbooks, operational procedures, compliance documentation, and governance materials
• Collaborate across architecture, engineering, operations, and vendor teams to align security requirements with modernization and delivery objectives
• Mentor engineering and security teams on secure coding, secure architecture, operational security practices, and DevSecOps standards

Technical Environment

• Cloud-native environments (AWS, Azure)
• DevSecOps pipelines and CI/CD automation frameworks
• SIEM, monitoring, alerting, and security analytics platforms
• Container security, image scanning, and runtime protection tools
• APIs, microservices, and distributed integration architectures
• Infrastructure-as-Code and automation platforms
• Security testing platforms (SAST, DAST, vulnerability management)
• Identity and access management platforms and Zero Trust architectures
• Enterprise data ecosystems supporting high-volume and near real-time processing
• Agile and scaled Agile (SAFe) delivery environments
• Delivery and collaboration tools (Git, Jira, Confluence, ServiceNow)

What You Bring (Requirements)

Baseline Requirements

• U.S. Citizenship with the ability to obtain a Public Trust
• 15+ years of experience in cybersecurity, security engineering, or enterprise modernization initiatives
• Certified Information Systems Security Professional (CISSP) required
• Certified Cloud Security Professional (CCSP) required
• Proven experience securing large-scale, distributed cloud and enterprise environments
• Ability to obtain and maintain a Public Trust clearance

Technical Capabilities

• Strong experience implementing security controls in cloud-native and hybrid environments
• Experience supporting ATO processes, POA&M management, continuous monitoring, and federal compliance programs
• Strong understanding of NIST 800-53, FedRAMP, FISMA, Zero Trust, MFA, secure SDLC, and federal cybersecurity frameworks
• Experience integrating security into DevSecOps pipelines including SAST, DAST, automated policy enforcement, and CI/CD security controls
• Experience securing APIs, microservices, distributed systems, and system-of-systems (SoS) environments
• Experience implementing IAM strategies including RBAC, ABAC, MFA, and privileged access controls
• Experience supporting supply chain security including SBOM and dependency risk management
• Experience with penetration testing, vulnerability management, remediation tracking, and threat modeling
• Experience implementing data security, encryption, privacy controls, and PTA/PIA processes
• Experience supporting security operations including monitoring, alerting, incident response, and root cause analysis
• Experience with SIEM, container security, image scanning, runtime protection, and cloud-native security platforms
• Experience developing dashboards, KPIs, risk reporting, and security governance reporting
• Experience maintaining security documentation, architecture artifacts, playbooks, and compliance records

Core Strengths

• Strong ownership mindset with accountability for enterprise security outcomes
• Ability to influence security practices across engineering, architecture, and operational teams
• Strong decision-making capabilities balancing security, compliance, performance, and delivery objectives
• Effective communication across technical, operational, executive, and vendor stakeholders
• Ability to operate across complex, evolving, multi-contractor delivery environments
• Strong analytical and problem-solving skills with measurable impact on enterprise risk posture

Nice to Have (Differentiators)

• CISM, CISA, or other advanced cybersecurity certifications
• Experience supporting statistical and similarly large-scale federal modernization programs
• Experience implementing enterprise Zero Trust architectures
• Experience securing high-volume, real-time data processing platforms
• Experience supporting DevSecOps-enabled enterprise modernization programs
• Experience with large-scale cloud-native operational security environments

#DICE #Linkedin

___________________________________________________________________________________________________________

Here at Revolutional we are pleased to have been repeatedly recognized for our outstanding work culture, the innovative work we do, and the employees on our team who make a difference each day. Some of these recognitions include:

• Recognized as a Top 20 "Best Place to Work in Virginia"
• Recipient of Department of Labor's HireVets Gold Medallion
• Great Place to Work Certification for five years running
• A Virginia Chamber of Commerce Fantastic 50 company
• A Northern Virginia Technology Council Tech 100 company
• Inc. 5000 list of fastest growing companies for eleven years
• Two-time SBA SBIR Tibbett's Award winner
• Virginia Values Veterans (V3) Certification

We recognize that every bit of our success is the result of our teams of hard-working, motivated, and innovative professionals who are proud to call themselves part of the Revolutional family! In addition to competitive compensation, a family-focused culture, and a dynamic, productive work environment, we offer all full-time employees a variety of benefits including, but not limited to

• Traditional and HSA- eligible medical insurance plans
• 100% employer-paid dental and vision insurance options
• 100% employer-sponsored STD, LTD, and life insurance
• 5% 401(k) company matching
• Flexible-schedules and teleworking options
• Paid holidays and PTO Accrual Plans
• Paid Parental Leave
• Professional development and career growth opportunities
• Team and company-wide events, recognition, and appreciation-- and so much more!

Check out our to find out a little more about who we are and if we are the right next step for your career!

Revolutional is an Equal Opportunity Employer providing equal employment opportunity to all employees and applicants for employment without regard to race, color, religion, national origin, age, gender, gender identity, sexual orientation, disability, or genetics. Revolutional does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans. To perform the above job successfully, an individual must possess the knowledge, skills, and abilities listed; meet the education and work experience required; and must be able to perform each essential duty and responsibility satisfactorily. Other duties in addition to those listed may be assigned as necessary to meet business needs. Reasonable accommodation will be made to enable an applicant with a disability to successfully apply for and/or perform the essential duties of the job. If you are in need of an accommodation, please contact .