Cyber Security Engineer, Senior

LCG


Job Location:

Rockville, MD - USA

Yearly Salary: $120,000 - $180,000
Posted on: 16 hours ago
Vacancies: 1 Vacancy

Job Summary

Location: Rockville, MD (Hybrid) (2 Days Onsite)

Position Title: Cyber Security Engineer, Senior

Clearance: Secret

Required: US Citizenship

Position Summary: The Cyber Security Engineer role provides hands-on cybersecurity engineering support for vulnerability assessment, risk management, compliance, and continuous authorization activities in accordance with DoD, Air Force, and federal security standards.

The Cyber Security Engineer works closely with DevSecOps engineers, system administrators, procurement staff, and Government stakeholders to integrate security controls throughout the software lifecycle, support Risk Management Framework (RMF) and Continuous Authority to Operate (C-ATO) processes, and maintain a strong, auditable security posture across cloud, containerized, and SaaS environments.

Key Responsibilities

Security Engineering & Vulnerability Management

  • Conduct software security testing across COTS, FOSS, and custom-developed tools prior to onboarding and throughout sustainment within the Client's DevSecOps environment.
  • Perform continuous vulnerability monitoring using Government-approved scanning tools, including scheduled and on-demand scans aligned with patch cycles and deployment events.
  • Integrate automated security testing into CI/CD pipelines in coordination with DevSecOps engineers to enable early detection of vulnerabilities.
  • Analyze scan results to identify, prioritize, and document vulnerabilities based on CVSS scoring, exploitability, system exposure, and mission impact.
  • Track vulnerabilities through remediation, validation, and closure, ensuring findings are properly dispositioned and documented.
  • Support patch validation and remediation activities, verifying that fixes do not introduce regressions or break security controls.
  • Assess software dependencies and third-party components for known vulnerabilities and supply-chain risk.
  • Validate secure configuration baselines following installations, upgrades, and patches.

Risk Management Framework and Authorization Support

  • Support RMF activities: system categorization, control selection, control implementation, assessment, and continuous monitoring.
  • Develop, update, and maintain security accreditation artifacts, including:
    • System Security Plans (SSPs)
    • Security Assessment Reports (SARs)
    • Plans of Action & Milestones (POA&Ms)
  • Map implemented technical and procedural controls to NIST control families and document inheritance where applicable.
  • Provide cybersecurity input to support Continuous Authorization to Operate (C-ATO) processes for enterprise software tools.
  • Support security assessments, audits, and reviews by Government cybersecurity organizations.
  • Maintain RMF documentation in approved security documentation and collaboration systems.
  • Ensure security artifacts remain current, consistent, and audit-ready throughout the contract lifecycle.

Compliance and Standards Alignment

  • Apply and interpret cybersecurity requirements from:
  • Support FedRAMP compliance activities for cloud-hosted and SaaS tools, including:
  • Validate that integrated tools comply with DoD security, privacy, and data protection requirements prior to approval and deployment.
  • Review software configurations to ensure alignment with approved security baselines and accreditation boundaries.
  • Identify compliance gaps and recommend technical and procedural mitigations.
  • Support ongoing continuous monitoring activities required under RMF and C-ATO models.

Security Reporting and Coordination

  • Produce security posture reports summarizing vulnerability trends, open risks, remediation progress, and compliance status.
  • Provide cybersecurity input to Software Toolchain Reports and Security Accreditation Reports required by the contract.
  • Collaborate with Government cybersecurity engineering procurement and program offices to:
    • Communicate security risks
    • Recommend mitigations
    • Support risk acceptance decisions
  • Provide cybersecurity expertise to support Software Purchase Approval Packages (A003) by assessing the security posture of proposed tools.
  • Participate in technical discussions related to tool onboarding, renewals, and lifecycle decisions.
  • Support incident response coordination and root-cause analysis for security-related issues impacting toolchain operations.

Requirements

  • 5-7 years of experience in cybersecurity engineering, vulnerability assessment, and security compliance within DoD or federal environments.
  • Bachelor's degree in Cybersecurity, Information Assurance (IA), Computer Science, or a related field, or equivalent professional experience.
  • Demonstrated experience supporting RMF and system authorization activities for enterprise systems.
  • Experience working within DevSecOps or CI/CD environments supporting cloud and containerized platforms.

Certifications

  • One or more of the following (or equivalent):
    • Security+
    • CISSP
    • RMF-related certification

Technical Skills

  • Proficiency with vulnerability scanning tools (e.g., Nessus, Qualys, or equivalent).
  • Experience using RMF tools and security documentation systems to develop SSPs, SARs, and POA&Ms.
  • Working knowledge of cloud security controls, container security concepts, and software supply chain risk.
  • Familiarity with Git-based collaboration tools (e.g., GitLab or equivalent) for tracking security artifacts and changes.

Compensation and Benefits

The projected compensation range for this position is $120,000 to $180,000 per year, benchmarked in the Washington, D.C. metropolitan area. The salary range provided is a good faith estimate representative of all experience levels. Salary at LCG is determined by various factors, including but not limited to role, location, the combination of education/training, knowledge, skills, competencies, certifications, and work experience.

LCG offers a competitive, comprehensive benefits package, which includes health insurance options (medical, dental, vision), life and disability insurance, retirement plan contributions, as well as paid leave, federal holidays, professional development, and lifestyle benefits.

Devoted to Fair and Inclusive Practices

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.

If you are interested in applying for employment with LCG and need special assistance or an accommodation to apply for a posted position, contact our Human Resources department by email at.

Securing Your Data

Beware of fraudulent job offers using LCG's name. LCG will never request payment-related details or advancement of money during the application process. Legitimate communication will only come from or emails, not free commercial services like Gmail or WhatsApp. If you receive suspicious emails asking for payment or personal information, contact us immediately at.

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.






Required Experience:

IC

