Security Engineer

• Conduct independent, comprehensive assessments of management, operational, and technical security/privacy controls per NIST SP 800-37
• Perform security reviews to identify architectural gaps and provide recommendations for risk mitigation
• Conduct risk analyses (threats, vulnerabilities, probability of occurrence) during significant system/application changes
• Plan and execute security authorization reviews, assurance case development, and audits for system installations and networks
• Provide input to the Risk Management Framework (RMF) and related documentation, including lifecycle support plans, CONOPS, and operational procedures
• Review authorization packages and assurance documents to confirm acceptable risk levels for systems, applications, and networks
• Verify that system, network, and application security postures are implemented as designed, documenting deviations and recommending corrective actions
• Assess the effectiveness of implemented security controls across management, operational, and technical areas
• Support compliance activities by ensuring security configuration guidelines and standards are followed
• Evaluate configuration management and release processes for security impacts
• Define/document how new systems or interfaces affect the organization’s current security posture
• Develop security compliance processes and perform audits of external services (e.g., CSPs, data centers)
• Ensure Plans of Action & Milestones (POA&Ms) and remediation plans are established for vulnerabilities
• Participate in Risk Governance processes by presenting risks, mitigations, and technical assessments
• Support acquisition and procurement efforts to ensure information security requirements are integrated
• Produce reports, briefings, and technical documentation reflecting assessment results and recommendations
• Role is mostly remote with occasional onsite meetings in the Arlington area; contingent on contract award; no travel reimbursements allocated

Senior Security Control Assessor, SCA

Cloud Security Architecture Lead

Lead Security Engineer

Field Marketing Manager

Cybersecurity Architect

Security Consultant II