Lead Security Engineer

Cloud computing continues to allow us to modernize and consolidate IT infrastructure automate workloads and pursue next-generation innovation. We are seeking a Security Engineer to serve as a technical leader for our critical cloud modernization initiatives. This high-impact role is focused on securing Azure cloud environments and embedding security into every phase of the System Development Life Cycle (SDLC).

As the Senior Security Engineer you will define the security posture lead implementation and oversee the governance of cloud security solution for our IHS customer. This role is pivotal in ensuring the confidentiality integrity and availability of cloud-hosted assets while enabling secure innovation at scale. You will partner closely with Cloud Engineers and program leadership to drive continuous improvement and deliver maximum value to the mission.

KEY RESPONSIBILITIES:

Architecture and Engineering

• Cloud Security Architecture: Design architect and implement secure scalable cloud infrastructure across an Azure platform ensuring alignment with Zero Trust principles and defense-in-depth strategies.
• Identity Credential and Access Management (ICAM): Architect implement and maintain secure ICAM solutions including federated identity Role-Based Access Control (RBAC) and robust encryption/key management systems (KMS) as required.
• DevSecOps Integration: Lead the integration of security tools and practices into CI/CD pipelines (DevSecOps workflows) to enable automated security testing vulnerability scanning and compliance validation.
• Automation: Define enforce and automate cloud security policies standards and control frameworks using Infrastructure as Code (IaC) and native cloud services.

Governance and Compliance Leadership

• Compliance Strategy: Develop and lead strategic approaches for achieving and maintaining compliance with critical federal frameworks including FedRAMP and NIST SP 800-53.
• Authorization Liaison: Serve as the primary security liaison implementing necessary controls and coordinating closely with authorizing officials (AOs) at Health and Human Services (HHS) and other federal agencies throughout the Authority to Operate (ATO) process.
• System Documentation: Lead efforts to develop maintain and oversee all system security documentation including System Security Plans (SSPs) standard operating procedures security control baselines implementation details and other compliance workbooks/whitepapers.
• Cybersecurity Governance: Represent Cybersecurity on contractor and government Change Control Boards (CCBs) to ensure all system changes are assessed for security impact and compliance prior to deployment.

• Audit Support: Lead security control assessments support audits of the system and drive the development and closure of Plan of Action & Milestones (POA&M) findings.

Operations Risk and Strategy

• Threat & Risk Management: Lead comprehensive threat modeling and vulnerability management efforts. Conduct thorough Security Impact Analyses (SIAs) and risk assessments for new services functionality and proposed architectural changes ensuring all risks are documented and mitigated.
• Continuous Monitoring: Design and implement continuous monitoring solutions using Cloud Security Posture Management Cloud Workload Protection Platform and other advanced security tools.
• Stakeholder Alignment: Collaborate across engineering compliance and operations teams. Serve as a technical authority to internal and external customers defending security posture changes related to Configuration Management (CM) and the overall security baseline.
• Proactive Strategy: Stay ahead of emerging cloud threats evolving attack vectors and industry best practices proactively recommending mitigation and strategic security improvements.

REQUIRED EDUCATION AND EXPERIENCE:

• Education: Bachelors Degree in Computer Science Engineering Information Technology or a related field. Additional years of experience may be considered in lieu of a degree.
• Experience: 8-12 years of professional experience in IT with a minimum of 6 years focused on Information Security Engineering with at least 2 years focused on cloud security architecture.
• Clearance: Ability to obtain and maintain a Public Trust or higher security clearance (if required for the mission/client).
• Certifications: Active advanced security certification required such as CCSP (Certified Cloud Security Professional) and Azure Security Engineer Associate (AZ-500).

REQUIRED CORE TECHNICAL SKILLS: AZURE FOCUS

• Azure Security Expertise: Deep verifiable expertise in securing Azure services cloud architectures and the shared responsibility model. Expert-level understanding of how to implement NIST SP 800-53 (Rev 5) security controls within an Azure Government environment.
• Identity Credential and Access Management (ICAM): Extensive experience with Azure Active Directory (Azure AD/Entra ID) conditional access policies and hybrid identity solutions.
• Automation: Hands-on experience implementing security controls using Infrastructure as Code (IaC) tools such as Terraform or Bicep.
• Containers: Strong hands-on experience securing containerization and orchestration platforms (Docker Kubernetes AKS EKS).
• Scripting and Automation: Strong proficiency in PowerShell/Bash and/or Python

REQUIRED PROFESSIONAL SKILLS

• Communication: Excellent written and verbal communication skills. Ability to communicate effectively within cross-functional teams and with external stakeholders.
• Analysis & Troubleshooting: Strong analytical and troubleshooting skills to rapidly diagnose and resolve complex security issues.

DESIRED QUALIFICATIONS:

• Certifications: Active CISSP certification is highly desirable.
• Zero Trust: Expertise in Zero Trust principles and architecting security solutions in the Azure cloud environment.
• Federal Compliance: Direct experience implementing federal compliance frameworks such as FedRAMP NIST 800-53 (Rev 5) and Cybersecurity Maturity Model Certification (CMMC).
• Verifiable experience maintaining FedRAMP authorization boundaries including authoring System Security Plans (SSPs) and providing guidance on the shared responsibility model for security and compliance to customers and partners.
• Federal Experience: Prior experience with federal agency cloud modernization efforts.

Come break things (in a good way). Then build them smarter.

Were the tech company everyone calls when things get weird. We dont wear capes (theyre a safety hazard) but we do solve high-stakes problems with code caffeine and a healthy disregard for how its always been done.

Original Posting:

Pay Range:

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job education experience knowledge skills and abilities as well as internal equity alignment with market data applicable bargaining agreement (if any) or other law.