Lead Security Engineer

Location: Rockville MD

Work Type: Hybrid Work (Minimum 2 days onsite may extend based on client meetings delivery needs and proposal support)

Job Title: Lead Security Engineer

Clearance: Public Trust

Job Summary: LCG is seeking a Lead Security Engineer will provide senior-level enterprise security engineering architecture and cloud security expertise in support of Clients OMTO/DTM Cybersecurity and Management Support. Under the guidance of the HHS CIO CISO and SAOP this role designs and implements security solutions across on-premise and cloud environments supports security tool operations and integration ensures environments meet HHS security requirements and provides expert remediation guidance to address vulnerabilities and security gaps.

Key Responsibilities

Engineer and Implement Enterprise Security Solutions

• Design engineer and deploy security capabilities across enterprise systems to strengthen confidentiality integrity and availability of SAMHSA information resources.
• Analyze current environments and recommend the best security technology deployment strategies to address operational needs compliance mandates and evolving threats.
• Conduct gap analysis on security infrastructure across on-premise and cloud environments identify weaknesses and recommend improvements aligned with federal best practices.

Vulnerability & Security Gap Remediation Support

• Provide technical solutions and engineering recommendations to address vulnerability findings configuration weaknesses and security control gaps uncovered through internal/external scanning and assessments.
• Support remediation validation by reviewing vulnerability evidence confirming mitigation actions and ensuring risk is reduced to acceptable levels per program expectations.

Secure SDLC Support & DevSecOps / CI-CD Security Alignment

• Collaborate with developers system engineers and project teams to identify required protections throughout the system lifecycle and ensure projects integrate required security standards into development.
• Provide technical guidance on what engineering changes patterns and workflows are needed to satisfy HHS security requirements during development modernization and sustainment.
• Support the agency goal of adopting a DevSecOps model by helping define security strategies/capabilities and aligning security engineering controls with modern delivery pipelines.
• Collaborate with infrastructure teams to integrate security requirements into CI/CD pipelines and automation strategies for on-prem and cloud environments.

Evaluate Security Tools and Integration Options

• Evaluate security technologies and tool capabilities determine integration approaches and create technical recommendations and implementation plans for deployment.
• Analyze HHS design requirements and ensure Client systems meet required enterprise security architecture expectations.

Security Tools Operations & Maintenance Support (Engineering Lead)

• Provide technical expertise for configuration operations and lifecycle maintenance of security tools and platforms including upgrades/patching as needed.
• Coordinate with SAMHSA infrastructure teams and/or vendors to troubleshoot tool outages or failures impacting security monitoring and protection services.
• Support contractor team readiness through knowledge-sharing/training expectations to ensure security tooling can be operated and sustained effectively.

Support CDM Integration and Federal/HHS Mandated Capabilities

• Support integration of Continuous Diagnostics and Mitigation (CDM) capabilities into Clients security architecture and ensure reporting readiness for the HHS CDM dashboard.
• Provide technical expertise to meet federal and HHS directed security capability integration requirements as Client implements mandated security services.

Requirements

Education: Bachelors degree in a relevant field discipline ( i.e. Cybersecurity / Information Assurance or Computer Science or Information Technology / Information Systems or Computer Engineering / Systems Engineering or Network Engineering / Telecommunications)

Certification: CISSP or CAP or CEH or Security

Experience:

• 8 years of experience in enterprise security architecture security engineering and/or system administration supporting complex enterprise environments.
• 23 years of direct cloud security experience supporting cloud-hosted systems and security control implementation (IaaS/PaaS/SaaS).
• Experience assessing enterprise environments to determine security gaps and selecting the best deployment approach for security technologies.
• Experience providing remediation guidance for vulnerability findings and supporting secure development and modernization activities.
• Experience supporting CDM integrations and security reporting readiness.
• Experience working closely with engineering teams in a DevOps/DevSecOps environment and supporting CI/CD pipeline security integrations.

Tools Set / Platforms

The Lead Security Engineer is expected to support security engineering implementation and operational integration across tools including but not limited to:

• Splunk (SIEM/log analytics)
• TrendMicro Deep Security
• Tenable Nessus (vulnerability scanning)
• Carbon Black (endpoint security/EDR)
• Okta (identity access management)
• CyberArk (privileged access management)
• McAfee MVISION
• AWS / Barracuda Web Application Firewall (WAF)
• DBProtect

Compensation and Benefits

The projected compensation range for this position is $60000 to $140000 per year benchmarked in the Washington D.C. metropolitan area. Salary at LCG is determined by various factors including but not limited to role location education/training skills certifications and experience.

LCG offers a competitive and comprehensive benefits package including medical dental and vision insurance life and disability insurance retirement plan contributions paid leave federal holidays professional development opportunities and lifestyle benefits.

Devoted to Fair and Inclusive Practices

All qualified applicants will receive consideration for employment without regard to sex race ethnicity age national origin citizenship religion physical or mental disability medical condition genetic information pregnancy family structure marital status ancestry domestic partner status sexual orientation gender identity or expression veteran or military status or any other basis prohibited by law.

If you are interested in applying for employment with LCG and need special assistance or an accommodation to apply for a posted position contact Human Resources at

Securing Your Data

Beware of fraudulent job offers using LCGs name. LCG will never request payment-related details or advance payment during the application process. Legitimate communication will only come from or email addresses.