Sr Information Security Engineer
Herndon, VA - USA
Job Summary
Position Overview:
This position will serve as a member of the Exostar Information Security Office and will report to the Manager of Governance & Engineering. This role is responsible for designing and implementing technical security controls across application cloud identity and PKI environments. The successful candidate will work directly with DevOps application and operations teams to engineer controls and satisfy security framework requirements. This role is ideal for a security engineer who can assess architecture identify control gaps implement remediation and technically validate implementation effectiveness.
This role is ideal for candidates that have a skillset focused on engineering credibility architectural judgment and the ability to operate confidently with technical teams auditors customers and leadership.
Responsibilities: Your day if you join us:
Security Architecture & Control Implementation
- Assess design and provide guidance on secure architecture for cloud environments including IAM PKI access network and platform services.
- Engage directly with infrastructure platform and development teams to translate security requirements into implementable technical designs and controls.
- Review proposed system changes architecture diagrams network flows identity integrations and control implementations for security implications.
- Develop technical control implementation guidance including diagrams control narratives configuration expectations and test procedures.
- Provide hands-on engineering support for control effectiveness through configuration review evidence inspection technical testing log review and remediation verification.
- Perform threat modeling and security risk assessments and coordinate actionable mitigation strategies.
Compliance Engineering & Governance
- Provide engineering support for controls aligned to frameworks such as PKI identity certification CMMC L2 FedRAMP Moderate ISO/IEC 27001 IAM SOC 2 etc.
- Produce technical control descriptions that reflect security architecture implementation and operational behavior to create defensible control narratives to auditors and customers.
- Produce SSPs POA&Ms control narratives and audit responses where engineering interpretation is required.
- Support audits and customer assessments by explaining technical controls gathering defensible evidence and validating that evidence against control intent.
- Improve the repeatability and quality of evidence collection control validation and remediation tracking.
Qualifications:
You are a great fit for this role if you:
Required Skills:
- 10 years of hands-on experience evaluating secure architecture and implementing security controls in cloud environments.
- Experience evaluating system architecture network diagrams data flows identity integrations and technical design documentation.
- Experience performing threat modeling technical risk assessments security design reviews and control gap assessments.
- Experience integrating security into the SDLC including CI/CD pipelines Agile delivery and DevSecOps practices.
- Experience collaborating with engineering infrastructure DevOps cloud IAM and operations teams to drive remediation to closure.
- Strong understanding of network security concepts including segmentation firewalls proxies DNS TLS VPN/IPSec routing ingress/egress control and secure network design.
- Experience with identity and access technologies such as Active Directory Entra ID/Azure AD SAML OIDC MFA privileged access role-based access control and identity federation.
- Demonstrated experience authoring technical control narratives technical audit documentation and supporting evidence.
- Experience supporting audits and assessments such as SOC 2 ISO 27001 etc.
- Strong written and verbal communication skills with the ability to explain technical concepts to auditors leadership and business stakeholders.
- Significant experience using Jira and Confluence.
- U.S. Citizens only- Due to customer requirements U.S. Citizenship is required. Ability to gain and maintain Trusted Role is required.
Preferred Qualifications:
You are exactly who we are looking for if you
- CMMC CCA or CCP certification.
- FedRAMP audit lead or hands-on control implementation experience
- CISSP and other similar technical certifications
- Experience implementing Governance Risk and Compliance (GRC) tools
- Experience with managing securing and auditing Public Key Infrastructure (PKI) including the certificate lifecycle management.
- End-point Protections (HIPS/HIDS)
- Demonstrated experience designing multi-tier highly available multi-threaded scalable architectures.
- Experience with web application programming Java APIs or application-adjacent security engineering.
- Secure development frameworks (e.g. OWASP SAMM Microsoft Security Development Lifecycle IBM Secure Engineering Framework etc.)
- Business Continuity and Disaster Recovery planning
- Data Loss Prevention (DLP)
- Data Labeling and Information Rights Management
Education:
- Bachelors degree from an accredited university in IT related discipline
Exostar - The Company:
Exostars cloud-based platforms create exclusive communities within the Aerospace and Defense Life Sciences and other highly regulated industries where members securely collaborate share information and operate compliantly. Within these communities we build trust. By analyzing community data we provide insights and intelligence enabling organizations to make better timelier decisions to mitigate risk and operate more efficiently.
We believe in employee development: we promote internally and provide training and educational assistance
We provide a fun engaged workplace with social and community-building events
We offer comprehensive benefits and flexible time off plans
Exostar is an Equal Opportunity Employment Employer. The company provides equal employment opportunities to all applicants without regard to race color religion sex national origin age marital status disability status or genetic information. Exostar is committed to providing equal employment opportunities for all persons in all facets of employment including recruiting hiring compensation promotion training benefits transfers and working conditions.
Required Experience:
Senior IC
About Company
The Exostar Platform enables increased visibility and resiliency while facilitating digital transformation across communities in highly regulated industries.