TalentWerx

Cyber Security Engineer – Compliance Lead

full-time

Location Type: Remote

Location: Remote • 🇺🇸 United States

Salary

💰 $144,360 - $196,171 per year

Job Level

Senior

Tech Stack

Ansible, AWS, Cloud, Cyber Security, Splunk, Terraform

About the role

  • Lead cybersecurity and compliance responsibilities for assigned systems, including control implementation, documentation, and coordination with the ISSM for enterprise reporting and ATO sustainment
  • Support the ISSM with continuous monitoring responsibilities, including log review and analysis using SIEM tools (e.g., Splunk) to identify anomalies, validate security control effectiveness, and support incident response coordination
  • Conduct Vulnerability Analysis and Review of ACAS scans
  • Lead POA&M management, including development of realistic remediation strategies, validation coordination with engineers, and ongoing tracking in support of system ATO sustainment
  • Utilize DevSecOps methodologies to analyze and ensure that development requirements effectively integrate security requirements throughout the entire process
  • Employ best practices when implementing controls including software engineering methodologies; system and security engineering principles; security-enhancing design, architecture, and coding techniques
  • Validate system architecture diagrams and component boundary definitions to ensure consistency with security authorization boundaries and inherited control structures
  • Coordinate security activities with system leads, ISSMs, and program managers
  • Lead or support system categorization, control selection, and inheritance planning; ensure artifacts in eMASS are maintained and aligned with RMF timelines and requirements
  • Ensure system-level security requirements are identified, designed, implemented, and evaluated in coordination with engineers and stakeholders
  • Conduct formal risk assessments, evaluate mitigation options and residual risks, and deliver actionable recommendations to system stakeholders
  • Design, deploy, and validate security control implementations; employ security-as-code in CI/CD pipelines using tools such as Terraform, Ansible, or AWS CloudFormation
  • Conduct security design reviews of infrastructure components such as VPCs, IAM roles, load balancers, and container orchestration services (ECS, Fargate)
  • Lead internal and external security audits and investigations, coordinate responses to findings, and oversee corrective action plans
  • Provide authoritative guidance on cybersecurity strategy, policy application, and compliance across development and operations environments, ensuring integration with DoD and Service Component cybersecurity architectures and Zero Trust principles
  • Lead system-level Continuous Monitoring efforts, including vulnerability remediation tracking, control validation, STIG compliance, and submission of recurring security status reports to AO-designated representatives
  • Ensure compliance with government regulations and industry standards
  • Support operational strategies aligned within your program and initiatives that optimize processes, enhance productivity, and ensure quality across all program functions.
  • Ensure 100% of planned hours are worked and recorded
  • Identify and forward to your leadership any opportunities that could lead to growth within your work area
  • Ensure all contractual deliverables are met/exceeded to the customer's satisfaction
  • Complete personal PDP and attend Staff Meeting and Storytime (with camera on)
  • Within your program, build productive and positive professional relationships with clients
  • Perform other related duties as assigned

Requirements

  • Active Secret clearance
  • Bachelor's (or equivalent) with 10 - 12 years of experience, or a Master's with 8 - 10 years of experience
  • DoD 8570/8140 certification required. IAM Level III preferred (e.g., CISSP, GSLC, CISM)
  • Experience directly configuring and deploying technical security controls in cloud and containerized environments (IAM policies, VPC configurations, ECS hardening, container runtime controls)
  • Solid application of systems engineering concepts, principles, and theories
  • Creative thinker, good at multitasking
  • Ability to clearly recognize and report relevant system security concerns and issues
  • Understanding of verification and validation process
  • Demonstrated experience leading RMF efforts for DoD classified and/or unclassified systems through assessment and authorization (A&A), including artifact development in eMASS
  • Ability to interpret and implement NIST 800-53 Rev. 5 controls and translate into actionable engineering and operational requirements
  • Familiarity with compliance-as-code frameworks (OpenSCAP, InSpec, ConMon dashboards)
  • Familiarity with developing and maintaining artifacts aligned to continuous monitoring, including control evidence repositories, system inventory tracking, and active POA&M management
  • Strong working knowledge of ACAS, Nessus, eMASS, AWS Inspector, and security documentation requirements
  • Experience interpreting and applying DISA STIGs, SCAP results, and vulnerability severity data from Nessus or AWS Inspector within enterprise-level remediation strategies

Benefits

  • Health and wellness programs
  • Income protection
  • Paid leave
  • Retirement and savings

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
cybersecurity, compliance, Vulnerability Analysis, DevSecOps, security control implementation, risk assessments, security design reviews, cloud security, systems engineering, continuous monitoring
Soft skills
leadership, multitasking, communication, problem-solving, relationship building, creative thinking, reporting, coordination, strategic thinking, quality assurance
Certifications
Active Secret clearance, DoD 8570/8140 certification, CISSP, GSLC, CISM