Security Engineer
On-site · Sterling, Virginia, United States
Job Summary
Senior Security Engineer to support cybersecurity operations, compliance, and risk management for FedRAMP-authorized and IC systems. Lead FedRAMP Moderate/High and IC ATO efforts, implement RMF, NIST 800-53/800-37, FedRAMP, and ICD 503 requirements; manage ConMon programs; develop SSPs, SARs, POA&Ms; lead vulnerability management using Nessus, ACAS, SCAP, and STIG; support Security Operations and Incident Response; design security controls for AWS GovCloud and Azure Government; integrate security into DevSecOps/CI-CD pipelines; assist with audits including 3PAO, FedRAMP assessments, agency ATO reviews, and IG audits; collaborate with developers, cloud architects, ISSOs/ISSMs, compliance teams, and government stakeholders; mentor junior staff and promote risk-informed decision-making.
Required Qualifications
- Active TS/SCI with Polygraph
- Bachelor's degree or higher in Cybersecurity, IT, or related field and 5+ years' experience in Cybersecurity in federal or IC environments, OR Master's degree and 3+ years' experience in Cybersecurity in federal or IC environments
- Strong knowledge of NIST RMF (800-37), NIST 800-53 controls, and FedRAMP requirements
- At least one of the following certifications: CISM or CISA, CompTIA Security+ (baseline), Certified Authorization Professional (CAP), CCSP (cloud security)
- Experience in tools: NIST 800-53, RMF, FedRAMP, ICD 503, ServiceNow GRC, Splunk, AWS GovCloud, Azure