Compliance and Security Engineer

TCG

Job Location:

Washington, AR - USA

Yearly Salary: USD 95000 - 120000
Posted on: 21 days ago
Vacancies: 1 Vacancy

Job Summary

You've stumbled upon the rare B Corp government contractor!

At TCG, we aim to prove that businesses can be good to their employees and responsible to their community while being profitable. We're an award-winning IT solutions provider to the Federal government, seeking a Compliance and Security Engineer to join our project team at a major Federal agency.

The Compliance and Security Engineer will collaborate with operational teams and the Chief Information Officer (CIO) to uphold the security posture and ensure the implementation and maintenance of security controls in compliance with security plans and regulations. This role offers the unique opportunity to develop both Information Security Officer and Systems Engineering skills, eventually transitioning into a mid-level engineering position with a focus on technical work.

US Citizenship is required for this position. In addition, the selected applicant must submit to a government background investigation and be favorably adjudicated before their first day.

While primarily remote, this position may require occasional on-site meetings. The selected candidate must live within commuting distance of Washington, D.C.

RESPONSIBILITIES:

  • Conduct scheduled vulnerability scans with Nessus, Tenable, and Qualys across Windows, Linux, and container platforms; analyze results, document findings, and create POA&M entries to drive remediation planning.
  • Operate enterprise SIEM solutions (Splunk, ArcSight, QRadar, etc.), correlating alerts, performing root-cause investigations, and executing incident containment and closure in accordance with NIST 800-61.
  • Draft, maintain, and update System Security Plans (SSPs), Risk Assessment Reports, POA&M logs, and System Requirements Traceability Matrices (SRTMs) to ensure alignment with NIST 800-53 Rev. 5 and FISMA mandates.
  • Generate compliance dashboards and report status to leadership.
  • Assist in the design, implementation, and testing of NIST 800-53 controls (e.g., Access Control, System & Communications Protection, Identification & Authentication).
  • Participate in periodic control assessments, including pre-penetration test reviews, to validate the security posture.
  • Administer and optimize monitoring stacks; fine-tune alert thresholds, develop custom probes, and deliver concise quick-look reports to stakeholders.
  • Harden operating systems (Windows, RHEL/CentOS, Ubuntu) and container images, applying CIS Benchmarks and conducting baseline compliance scans.
  • Review source code snippets (Python, Ruby, Java) for OWASP and CIS guideline violations; recommend secure coding practices.
  • Automate repetitive security tasks using lightweight scripts (Python, Bash) to increase efficiency and reduce human error.
  • Collaborate with DevSecOps teams to embed security controls throughout CI/CD pipelines (Jenkins, GitLab, Azure DevOps), ensuring secure deployment of applications.
  • Provide expert guidance to developers on secure coding, threat modeling, and testing methodologies.
  • Mentor junior analysts on monitoring, logging, and documentation best practices.
  • Author internal knowledge-base articles, develop training materials, and conduct short workshops to elevate team capability.

REQUIRED SKILLS & EXPERIENCE:

  • Minimum of 4 years of experience in IT security, including 2 years in a federal or ISSO-equivalent role such as System Security Officer or Security Analyst.
  • Demonstrated mastery of NIST 800-53 Rev. 5, NIST 800-61, and related NIST 800-series publications, applying these frameworks to security planning and operations.
  • Proficient with enterprise SIEM platforms (Splunk, QRadar, ArcSight) for event correlation, threat detection, and incident response.
  • Experienced in deploying and interpreting vulnerability scans using tools like Tenable, Qualys, Nexpose, etc., and translating findings into actionable remediation plans.
  • Skilled in monitoring infrastructure, including the design of dashboards, threshold tuning, and alert management.
  • Adept at configuring and maintaining security appliances to enforce perimeter security and web application protection.
  • Comfortable scripting in Python (or PowerShell, Bash) for automation, data extraction, and basic code-review tasks.
  • Solid understanding of networking fundamentals (TCP/IP, DNS, HTTP/HTTPS, and SSL/TLS), including packet analysis and troubleshooting.
  • Proficient in Microsoft Office (Word, Excel) and Atlassian suites (Jira, Confluence) for creating SOPs, generating reports, and maintaining dashboards.
  • Strong analytical and problem-solving abilities, capable of exercising independent judgment in complex security scenarios.
  • Excellent verbal and written communication skills, with the capacity to craft concise, audience-appropriate security briefs for both technical and non-technical stakeholders.

PREFERRED SKILLS & EXPERIENCE:

  • Tenable SC/IO Nessus Advanced Qualys or other enterprise vulnerability platforms.
  • Experience running Blue/Red-team exercises or tabletop simulations.
  • Knowledge of container security (Docker, Kubernetes), CI/CD automation, and IaC (Terraform, CloudFormation).
  • FedRAMP knowledge, understanding of RMF implementation.

EDUCATION:

  • Bachelor's degree preferred, preferably in Computer Science, Information Technology, or a related field. Experience may be substituted in the absence of a degree.

TCG does not discriminate based on race, sex, color, religion, national origin, age, disability, caste, or veteran status.

Our B Corp mission is reflected in our benefits, including offerings like health care, 401K, parental leave, adoption assistance, financial planning services, student loan repayment assistance, and training budget. There's more; see for yourself.

TCG is recognized for treating employees fact in 2025 The Washington Post named TCG as a Top Workplace for the eleventh straight year, based on how our employees feel about the company, the benefits TCG offers, and the work/life balance that our staff the Washington Post Top Workplace survey our CEO was ranked best by TCG employees' votes among all midsize companies.

Try us ... we'll make you happy.

Internal title/grade: System Engineer E2
Salary Range: $95000 - $120000

All individuals being hired to work for TCG must submit to and successfully pass a pre-employment background investigation prior to reporting for their first day of work. The pre-employment background investigation will include verification of employment and education as well as a criminal and DMV check.


Additional documentation and background checks will also be required for positions that require clearance from the Federal government.

Key Skills

  • Abinitio
  • Apprentice
  • Dermatology
  • Cost Estimation
  • Data Networking
  • Liaison

About Company

Positively Distinct