Job Closed
This listing is no longer active.
Based in Dublin, Leinster, Ireland, Experian is a global information services company that operates in 40 countries around the world and has additional headquar
Client Security Assurance Expert (Remote)
Location
United States
Posted
93 days ago
Salary
$115K - $208K / year
Job Description
Experian
Company Description
Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realize their financial goals and help them save time and money. We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments. We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com.

Job Description
This is a remote role, based anywhere in the US and reporting to the Regional Lead-Client Security Assurance. With a client-focused attitude you will:
- Lead client audits (onsite/virtual) including presentation of evidence, explanation of controls, planning and execution of pre and post audit activities (coordinate needed remediation, etc.).
- Support commercial teams to present Experian's security controls and risk posture to clients through Requests for Information / Requests for Proposal and/or pre-sales consultancy.
- Review contractual security clauses & deliverables under contractual agreements to ensure Experian does not exceed risk tolerance and is not put in a position where it fails to meet client requirements. Take the lead on articulating Experian's security posture to justify any changes with clients.
- Analyze audit results and post audit reports and follow up on security items.
- Conduct gap analysis and articulate contractual risks to internal stakeholders to enable risk-informed contractual decisions.
- Maintain a current, up-to-date evidence repository.
- Provide accurate, valid, and appropriate responses in a timely manner to security questionnaires and ad-hoc inquiries sent by prospective and existing clients and business partners.
- Provide SME consultancy to Business Units on Experian information security governance and risk management framework in the context of the above.
- Maintain client-facing security documentation ensuring its continued relevance and accuracy.
- Collaborate with global team members across regions to ensure consistent experiences for clients around the world, and act as a mentor to junior members in sharing knowledge and experience.

Qualifications
- In-depth experience reviewing and negotiating contractual terms presented by clients / third parties, understanding the associated risks, communicating the risks to stakeholders and making recommendations
- At least 8 years of experience working in an enterprise IT environment with at least 5 of those years executing internal or external audits, with exposure to supporting roles
- Project management skills
- Experience leading different cyber security audits of varying complexity
- Hands-on experience auditing cloud environments and tactically implementing cloud controls (AWS, GC, Azure, etc.)
- Experience with cloud-native tools such as AWS Security Hub, Azure Security Center, or other 3rd party tools to assess the security posture of cloud environment against industry benchmarks (such as NIST 800-53, CIS, MITRE ATT&CK, CSA CSM, ISO27002, etc.)
- Professional security certification such as CCSP/CCSK/CISSP/CISM/CISA/ISO27001LA or other equivalent, or willingness to pursue other relevant accreditations (company supported)

Additional Information
Benefits/Perks:
- Great compensation package and bonus plan.
- Core benefits including medical, dental, vision, and matching 401K.
- Flexible work environment, ability to work remote, hybrid or in-office.
- Flexible time off including volunteer time off, vacation, sick and 12 paid holidays.
- Explore all our exciting benefits here: https://yourexperianbenefits.com/cand-index.html.

At Experian, our people and culture set us apart. We're deeply committed to creating an environment where everyone feels they belong and can excel. From inclusion and authenticity to work/life balance, development, wellness, collaboration, and recognition, we focus on what truly matters. Our people-first approach has earned us global recognition: World's Best Workplaces™ 2024 (Fortune Top 25), Great Place To Work™ 2025 in 26 countries, and Glassdoor Best Places to Work 2024, among others. Want to see what life at Experian is really like? Explore Experian Life on social or visit our Careers Site.

Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above. Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience, and education. You will also be eligible for a variable pay opportunity.

Experian is proud to be an Equal Opportunity Employer for all groups protected under applicable federal, state and local law, including protected veterans and individuals with disabilities. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

- Employee Status: Regular
- Role Type: Hybrid
- Job Posting - Salary Range: $115,747 - $208,344
- Department: Legal & Compliance
- Flexible Time Off: 20 Days
- Schedule: Full Time
More Security Engineer Jobs
Information System Security Officer (ISSO)
Bixal
Improving people's lives through human-centered strategies and transformative technologies. #ThisIsBixal
Important Notice for Applicants: At Bixal, we want to ensure a transparent and secure application process for all candidates. Official communication will come from an email address ending in @bixal.com or from @bixal.na.teamtailor-mail.com. Messages from other sources may be fraudulent, and you should exercise care to avoid any links or attachments included. Bixal will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.

Need Assistance or a Reasonable Accommodation? If you need assistance or a reasonable accommodation to complete your application, we're here to help. Please reach out to us at talent@bixal.com and let us know how we can support you. You do not need to share personal details or disclose the nature of your request. You can expect a response from a team member within 24 hours during the regular work week and on the next operating day during the weekend or holidays.

Why Bixal?
Bixal is a consulting company headquartered in Fairfax, VA, working alongside governments and organizations to help them deliver better services and experiences to the communities they serve. Using evidence-based knowledge and technology, Bixal empowers clients to deliver on their missions more effectively by fostering a culture of learning and continuous improvement.

Our values:
- People-First: Emphasizing the importance of people in all aspects of work.
- Collaboration and Transparency: Valuing teamwork and open communication.
- Growth Mindset: Encouraging innovation and continuous improvement.
- Creating Lasting Impact: Focusing on meaningful outcomes and positive change.

About the role:
We are seeking a Security Engineer to serve in an Information System Security Officer (ISSO) capacity supporting a federal program for the General Services Administration (GSA). The ISSO will be responsible for maintaining the security posture of assigned systems, supporting the Authority to Operate (ATO) lifecycle, and ensuring compliance with federal cybersecurity standards. The ideal candidate has at least 8 years of experience in information security or cybersecurity roles, including experience supporting federal information systems. The candidate should have a strong understanding of NIST Risk Management Framework (RMF) processes and be comfortable collaborating with engineering teams to manage vulnerabilities and maintain security compliance. Familiarity with GSA systems, policies, and security governance processes is a plus.

This is a full-time position contingent on contract award by our client, with a defined performance period of one year with two one-year option periods. This role offers you a unique opportunity to make a meaningful impact on a project that aligns with Bixal’s mission of delivering innovative, human-centered solutions. While the role has a fixed duration, we are committed to transparency and collaboration, keeping you informed about contract updates and new opportunities. At Bixal, we support your professional journey, ensuring your experience reflects our inclusive, purpose-driven culture and prepares you for future success.

Compensation:
The salary range for this role is $115,000 – $140,000. In the spirit of transparency, most offers tend to land near the midpoint of the range. We make compensation decisions thoughtfully, considering your experience, the skills you bring, and our commitment to internal equity. Fairness and transparency are core to how we operate.

Responsibilities:

Security Compliance & ATO Maintenance
- Serve as the designated Information System Security Officer (ISSO) for one or more federal information systems.
- Maintain documentation and artifacts required to support the Authority to Operate (ATO) and ongoing compliance activities.
- Complete required monthly and quarterly security checklists and maintain associated compliance documentation.
- Support continuous monitoring activities in accordance with the NIST Risk Management Framework (RMF).

Security Monitoring & Vulnerability Management
- Conduct or coordinate application and infrastructure security scans as needed.
- Monitor security findings from automated tools and external assessments.
- Collaborate with development and DevOps teams to prioritize, track, and remediate vulnerabilities.
- Maintain and update Plans of Action and Milestones (POA&Ms).

Governance & Security Coordination
- Represent the program in security briefings, governance forums, and compliance meetings.
- Coordinate with system owners, technical teams, and security stakeholders to ensure proper implementation of security controls.
- Support security assessments, audits, and compliance reviews conducted by federal security teams or third-party assessors.

Security Documentation
- Maintain and update system security documentation including:
  - System Security Plan (SSP)
  - POA&M
  - Security Assessment Reports
  - Continuous Monitoring artifacts
- Ensure documentation aligns with NIST 800-53 controls and federal security standards.
- Other relevant duties as assigned and qualified/trained to perform

Qualifications:
- Bachelor’s degree in Computer Science, Engineering, at least 8 years of experience in information security, cybersecurity, or related roles, or equivalent practical experience (12 years without degree).
- Experience serving as an Information System Security Officer (ISSO) or similar security role supporting federal systems.
- Working knowledge of NIST Risk Management Framework (RMF) and NIST 800-53 security controls.
- Experience supporting ATO lifecycle management for federal systems.
- Experience coordinating or reviewing security scans and vulnerability remediation efforts.
- Strong understanding of federal cybersecurity compliance and documentation requirements.
- Ability to work collaboratively with engineering teams to address security findings.
- Ability to obtain and maintain a Public Trust clearance.

Nice to Have Skills and Experience:
- Experience supporting GSA systems, platforms, or security governance processes.
- Familiarity with FedRAMP or cloud-based federal systems.
- Familiarity with the Cybersecurity Maturity Model Certification (CMMC) framework and related compliance practices.
- Experience working with modern web applications and DevSecOps practices.
- Knowledge of common security tools used in federal environments (e.g., SAST/DAST scanners, vulnerability management tools).
- CISSP
- CISM
- Security+
- Certified Authorization Professional (CAP)

How We Support Our Team:
- Flex hours
- 401K with matching incentive
- Parental Leave
- Medical/dental/vision benefits
- Flex Spending Account
- Company provided short-term disability and life insurance
- Commuter benefits
- Paid Time Off (PTO)
- 11 Paid holidays

Our company is committed to providing equal employment opportunities for all individuals and complies with all applicable federal, state, and local anti-discrimination laws. Employment decisions are based on merit, qualifications, and business needs.
Field Services Regional Safety Manager
Carboline
Tremco CPG Inc. is a world leader in solving complex roofing and waterproofing problems for commercial, institutional, healthcare, and corporate accounts since 1928.
This description is a summary of our understanding of the job description.

Role Description
To provide safety leadership to all Tremco CPG field employees, ensure site compliance with corporate and client safety standards, implement safety directives, improve safety performance, and ensure site safety policies and procedures are aligned with governmental regulations.
- Conduct both virtual and physical visits to perform site safety audits and safety process audits (e.g., safety document evaluation/compliance); this should take place at least 75-80% of the week.
- Enforce all Federal, State, local, owner, and Tremco regulations throughout all regional projects.
- Assist site leadership in developing site-specific safety programs aligned with Tremco Safety policies and instruct supervisors on safety procedures, planning, and equipment.
- Assist the Director of Health and Safety with rolling out new safety initiatives and briefing employees as needed on new or updated policies (e.g., Daily Task Planning, 100% audit compliance, safety training programs).
- Educate the workforce and regional leadership on understanding Tremco's safety cultural advancements, such as safety leadership and safety management systems.
- Effectively represent Tremco safety culture with subcontractors and help Tremco site leadership ensure complete compliance with applicable rules and regulations.
- Act as a subject matter resource for workers within the field in producing a documented assessment of safe working processes, risk potentials, and solutions/corrective measures.
- Motivate, organize, and encourage teamwork within the workforce to ensure safety practices and policies are adhered to effectively.
- Review the safety obligations of the clients and ensure they are carried out as per the terms of the agreement, and communicate to the Field Leadership and Safety Supervisors.
- Assist the Director of Health and Safety with EHS Notification and Incident Investigation processes, as well as implementation of response action items.
- Ensure that all incidents are reported immediately per the Tremco Incident Notification Policy.
- Participate and assist all field leadership in the investigation of incidents to determine the root cause, and take corrective actions where necessary.
- Ensure incident corrective actions are followed up on and completed.
- Ensure injured workers are offered modified duties, and documentation has been completed.
- Monitor and follow up on modified workers in the field.
- Regularly communicate safety audit results and/or field safety concerns with the Director of Health and Safety and prepare observation reports as needed.
- Must have 30 Hr. OSHA Training (with willingness to get 500 Hr. OSHA Training to operate as an official component of the OSHA Construction Outreach Program).
- Ensure all new employees within the Region meet their training objectives, e.g., complete their Day 1 Orientation, iLead New Employee Training, and Tremco (OSHA) Construction 10 Hr. Training within 1 month of their employment.

Qualifications
- An Occupational Health and Safety Degree, Diploma, or Nationally Recognized Safety Certification or Designation is a mandatory requirement.
- Minimum 8 years of Health and Safety field experience that includes strong skills in incident investigation.
- Minimum 5 years of supervisory experience.
- Proficient in Microsoft Office applications.
- The ability to demonstrate the application of risk assessment to company operations and activities.
- Experience in the building maintenance and/or general construction safety industries strongly preferred.
- Work remotely with the ability to travel 75% or greater.

Requirements
- Must have excellent skills and/or abilities in the following areas:
  - Leadership, conflict resolution, and problem-solving
  - Verbal and written communications
  - Interpersonal skills with all levels of staff
  - Ability to perform under stressful conditions, with the ability to defuse situations
  - Situation analysis
  - Decision-making
  - Attention to detail and high level of accuracy
  - Organized approach to work, including excellent follow-up on issues
  - Multitasking in a fast-paced environment with good prioritization skills
- Professional Safety Certifications are a plus.

Benefits
- Health insurance
- Paid time off
- 401(k) with company match
- Company Pension Plan
- Continuing education

Salary Range
The salary range for applicants in this position generally ranges between $82,000 and $102,000. This range is an estimate, based on potential employee qualifications, operations, needs, and other considerations permitted by law.

Equal Opportunity Employment
Qualified applicants will receive consideration for employment without regard to their race, color, religion, national origin, sex, sexual orientation, gender identity, protected veteran status or disability.
• Define the multi-year security roadmap for US Public Sector expansion
• Align technical initiatives across NIST 800-53 and CNSSI 1253 controls to ensure a "build once, comply many" architecture
• Serve as the primary driver for our current-year goal of IL5 implementation, coordinating across Product, Engineering, Infrastructure, and Security to meet federal cloud SRG requirements
• Lead the full Assessment and Authorization (A&A) lifecycle
• Manage gap analyses, 3PAO engagements, and the path to Provisional Authorization (PA) and Agency ATOs
• Partner with Product and Engineering to translate complex federal mandates (FIPS 140-2/3, ICAM, Zero Trust) into actionable technical requirements
• Develop the readiness plan for FedRAMP High, identifying technical gaps and resource requirements to reach the high-water mark
• Act as the subject matter expert for leadership on the trade-offs between speed-to-market and the rigorous security requirements of IL5 and FedRAMP High
• Design and oversee the strategy for automated continuous monitoring and annual assessments to ensure zero drift in our authorized posture
• Collaborate with product engineers and product teams to gather requirements, provide expert consultation on securing the entire SDLC process
• Identify architectural flaws and security concerns in application designs early in the SDLC process
• Threat Model and design security controls and mitigations in collaboration with product engineering teams
• Verify/validate secure code interactions with other dependent and integrated services/systems
• Ensure testing automation addresses security goals and concerns
• Review and verify identified/reported vulnerabilities, perform root cause analysis, and partner with developers to drive corrections
• Stay up-to-date with emerging security threats, trends, and new technologies to continuously improve the security posture of our code and shared development resources
• Contribute to technical requirements, architecture, and interface design documents and educational resources


