Security Engineer
McLean, MD - USA
Job Summary
Join our team at Core One! Our mission is to be at the forefront of devising analytical, operational and technical solutions to our Nation's most complex national security order to achieve our mission Core One values people first! We are committed to recruiting, nurturing and retaining top talent! We offer a competitive total compensation package that sets us apart from our competition. Core One is a team-oriented, dynamic and growing company that values exceptional performance!
Clearance Required: Active TS/SCI with Polygraph
Summary
We are seeking a Senior Security Engineer to support cybersecurity operations, compliance and risk management for FedRAMP-authorized and Intelligence Community (IC) systems. This role is responsible for ensuring systems meet stringent federal security requirements while enabling secure, scalable and compliant cloud and on-premises solutions.
The ideal candidate brings deep expertise in NIST frameworks, FedRAMP authorization processes, continuous monitoring (ConMon), cloud security, incident response and ATO lifecycle management, along with the ability to operate effectively within classified and high-security environments.
The Senior Security Engineer serves as the primary cybersecurity technical authority supporting system engineering, cloud architecture, DevSecOps pipelines, compliance initiatives and operational security monitoring.
Key Responsibilities
- Lead and support FedRAMP Moderate/High and IC ATO authorization efforts, ensuring compliance with NIST RMF, NIST 800-53, NIST 800-37, FedRAMP and ICD 503 requirements.
- Conduct risk assessments, security control assessments, gap analyses and security architecture reviews to identify and mitigate cybersecurity risks.
- Manage the full Risk Management Framework (RMF) lifecycle, including system categorization, control selection, implementation, assessment, authorization and continuous monitoring.
- Develop and maintain security documentation such as SSPs, SARs, POA&Ms and control traceability artifacts while tracking remediation activities.
- Execute Continuous Monitoring (ConMon) programs through vulnerability assessments, compliance reviews, security control validation and reporting.
- Lead vulnerability management activities using tools such as Nessus, ACAS, SCAP and STIG Viewer, validating remediation and coordinating risk mitigation efforts.
- Support Security Operations and Incident Response, including threat monitoring, alert analysis, incident investigations, root cause analysis and coordination with SOCs and government stakeholders.
- Design and assess security controls for AWS GovCloud, Azure Government and other government cloud environments, implementing IAM, encryption, logging and least-privilege access controls.
- Integrate security into DevSecOps and CI/CD pipelines through automated security testing, vulnerability scanning, compliance validation and Infrastructure-as-Code security practices.
- Support audits and assessments, including 3PAO reviews, FedRAMP assessments, agency ATO reviews and IG audits, while preparing evidence and coordinating with auditors and assessors.
- Administer and utilize governance, compliance monitoring and vulnerability management tools such as ServiceNow GRC, Splunk and Azure.
- Collaborate with developers, engineers, cloud architects, ISSOs/ISSMs, compliance teams and government stakeholders to provide cybersecurity guidance throughout system development and operations.
- Contribute to security governance, policy development, cybersecurity program maturity and organizational security culture while mentoring junior staff and promoting risk-informed decision-making.
Required Qualifications
- Active TS/SCI with Polygraph
- Bachelor's degree or higher in Cybersecurity, IT or related field and 5 years of experience in Cybersecurity in federal or IC environments
- OR Master's and 3 years of experience in Cybersecurity in federal or IC environments
- Strong knowledge of NIST RMF (800-37), NIST 800-53 controls and FedRAMP requirements
- At least one of the following certifications: CISM or CISA, CompTIA Security+ (baseline), Certified Authorization Professional (CAP), CCSP (cloud security)
- Experience in the following tools: NIST 800-53, RMF, FedRAMP, ICD 503, ServiceNow GRC, Splunk, AWS GovCloud, Azure
Desired Qualifications
- Experience with cloud-native security tools
- Knowledge of Zero Trust Architecture
- Experience with cross-domain solutions
- Familiarity with DevSecOps pipelines in regulated environments
Core One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin or protected veteran status and will not be discriminated against on the basis of disability.
Required Experience:
IC
About Company
Core One is always seeking talented professionals. If you would like to submit a resume to Core One to have on file, please send an email to [email protected] . You may also view our current openings here: