Security Engineer (Platform Assurance Compliance)

Job Family:

Travel Required:

Clearance Required:

Guidehouse is seeking a Security Engineer to join our Technology / AI and Data team supporting mission-critical initiatives for Defense and Security this role you will ensure advanced AI-driven platforms meet stringent federal security and compliance requirements including FedRAMP High RMF and NIST standards. You will embed secure architecture patterns validate control implementation and maintain continuous monitoring readiness across cloud backend and AI/ML components. Acting as a key liaison between engineering teams and security stakeholders you will drive risk identification and remediation support accreditation activities and deliver secure resilient solutions that enable trusted decision-making in support of national security objectives.

What You Will Do:

• Serves as a core security engineer ensuring the adjudication AI platform meets applicable federal requirements including FedRAMP High RMF NIST 800-53 CJIS and FBI ATO standards.

• Collaborates with cloud DevOps backend and AI/ML teams to embed secure architecture patterns validate control implementation and maintain continuous monitoring readiness across all platform components.

• Develops RMF documentation supports POA&M management conducts vulnerability assessments ensures secure baseline configurations and supports accreditation activities.

• Acts as the liaison between engineering teams and ISSO/security stakeholders ensuring risks are identified tracked and remediated efficiently.

Security Engineering & Control Implementation

• Implement NIST 800-53 and FedRAMP High controls across access management encryption monitoring boundary protection configuration management and secure data lifecycle workflows.

• Validate secure configuration of AWS GovCloud services EKS clusters container runtimes VPC boundaries IAM policies and workload identities.

• Ensure backend APIs vector stores retrieval services LLM inference gateways scoring engines and memo-generation modules follow compliant security standards.

• Embed secure coding least-privilege access enforcement input validation and hardened model-serving workflows across all development teams.

RMF ATO Support & Compliance Documentation

• Develop and maintain SSPs CIS statements boundary diagrams data-flow diagrams and continuous monitoring documentation for ATO readiness.

• Assist with creation tracking and remediation of POA&M items ensuring timely closure of vulnerabilities and deficiencies.

• Prepare system artifacts for assessments security testing authorization reviews and continuous monitoring updates.

• Support mapping of AI/ML-specific risksmodel outputs retrieval pathways data provenanceto RMF controls and ATO expectations.

Vulnerability Management & Continuous Monitoring

• Conduct vulnerability scans (Inspector ECR scanning Nessus/Qualys) analyze results and coordinate remediation with engineering teams.

• Support patching workflows baseline enforcement configuration drift detection and container/OS hardening processes.

• Validate CloudTrail CloudWatch GuardDuty Config Rules and other logging/monitoring systems for compliance with AU SI RA and CM control families.

• Develop dashboards and reporting for CA-7 RA-5 CM-6 AU-x and other continuous monitoring requirements.

Secure Development CI/CD & DevSecOps Alignment

• Integrate SAST SCA IaC scanning container scanning and dependency verification into DevSecOps workflows.

• Validate Terraform/CloudFormation templates for alignment with encryption identity and GovCloud boundary restrictions.

• Review API design authentication flows model inference endpoints and data-ingestion pipelines for security gaps or policy violations.

• Support hardening of LLM workflows retrieval processes and document-ingestion operations.

Mission Support & Collaboration

• Work with backend cloud AI/ML and data engineering teams to translate controls into engineering requirements aligned with adjudication workflows.

• Provide teams with security requirements engineering checklists and compliance guidance to accelerate delivery while maintaining security posture.

• Collaborate with adjudicators mission SMEs and operations teams to ensure evidence tracking audit logging and data-handling workflows support mission needs.

What You Will Need:

• An ACTIVE and MAINTAINED TOP SECRET Federal or DoD securityclearance and obtained and maintain TS/SCI clearance.

• Bachelor s Degree or Four (4) additional Years of experience in lieu of degree.

• 5 years of cybersecurity engineering experience including 3 years supporting RMF FedRAMP CJIS or ATO systems.

• Knowledge of NIST 800-53 controls FedRAMP High requirements AWS GovCloud security patterns IAM encryption (KMS/TLS) logging pipelines and vulnerability scanning tools.

• Experience writing ATO documentation control statements risk assessments and boundary artifacts.

• Strong communication skills supporting collaboration with engineers and mission stakeholders.

What Would Be Nice To Have:

• CISSP CCSP Security or AWS Security Specialty certifications.

• Experience supporting FBI IC DoD DHS or other national-security systems.

• Experience securing AI/ML platforms LLM inference pipelines retrieval systems or sensitive-data workloads.

• Familiarity with adjudication continuous vetting or personnel security workflows.

• Experience with zero-trust architectures air-gapped deployments or SCIF-compatible systems.

What We Offer:

Guidehouse offers a comprehensive total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

• Medical Rx Dental & Vision Insurance

• Personal and Family Sick Time & Company Paid Holidays

• Parental Leave

• 401(k) Retirement Plan

• Group Term Life and Travel Assistance

• Voluntary Life and AD&D Insurance

• Health Savings Account Health Care & Dependent Care Flexible Spending Accounts

• Transit and Parking Commuter Benefits

• Short-Term & Long-Term Disability

• Tuition Reimbursement Personal Development Certifications & Learning Opportunities

• Employee Referral Program

• Corporate Sponsored Events & Community Outreach

• annual membership

• Employee Assistance Program

• Supplemental Benefits via Corestream (Critical Care Hospital Indemnity Accident Insurance Legal Assistance and ID theft protection etc.)

• Position may be eligible for a discretionary variable incentive bonus

About Guidehouse

Guidehouse is an Equal Opportunity EmployerProtected Veterans Individuals with Disabilities or any other basis protected by law ordinance or regulation.

Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.

If you have visited our website for information about employment opportunities or to apply for a position and you require an accommodation please contact Guidehouse Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.

All communication regarding recruitment for a Guidehouse position will be sent from Guidehouse email domains including @ or . Correspondence received by an applicant from any other domain should be considered unauthorized and will not be honored by Guidehouse. Note that Guidehouse will never charge a fee or require a money transfer at any stage of the recruitment process and does not collect fees from educational institutions for participation in a recruitment event. Never provide your banking information to a third party purporting to need that information to proceed in the hiring process.

If any person or organization demands money related to a job opportunity with Guidehouse please report the matter to Guidehouses Ethics Hotline. If you want to check the validity of correspondence you have received please contact . Guidehouse is not responsible for losses incurred (monetary or otherwise) from an applicants dealings with unauthorized third parties.

Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.