This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description Vannevar Labs is seeking an experienced Information Security Engineer to lead our IL-6 / IL-7 ATO (Authority to Operate) and follow-on compliance efforts. This role will be critical to unlocking our ability to deploy classified capabilities for defense and intelligence customers. You will serve as the dedicated technical leader responsible for achieving platform operation on classified networks, working directly with government ISSMs, AOs, and security stakeholders to navigate the RMF process and achieve ATOs across Navy, Joint, and COCOM user groups. What you’ll do - Own and execute our strategy for how we approach ATOs across our customers. - Lead the end-to-end ATO process for IL-6 (SIPR) and IL-7 (JWICS) environments, through full authorization and follow-on compliance. - Own RMF (Risk Management Framework) documentation and control implementation across multiple simultaneous ATOs. - Work with 3PAOs and federal government AOs to achieve compliance certifications and reports. - Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures. - Serve as a liaison between system owners and other security personnel, ensuring that selected security controls are effectively implemented and maintained throughout the lifecycle of projects. - Interface directly with government ISSMs, AOs, and security stakeholders to manage authorization packages and navigate accreditation tools (XACTA, eMASS). - Design and implement role-based access controls, data classification frameworks, and audit logging capabilities for classified environments. - Architect solutions for handling TS/SCI data with proper controls and separation that meet DoD requirements. - Ensure compliance with DISA STIGs, SRGs, NIST 800-53, and DoD hardening standards. - Build scalable systems and processes for managing ATOs across different customers and sponsors. - Coordinate with platform engineering teams on security roadmap priorities and technical implementation. - Manage relationships with government sponsors and identify opportunities to parallel-path authorization efforts. - Work closely with mission engineering teams deploying to classified environments and partner with compliance engineering on FedRAMP and CMMC efforts. - Brief executive leadership on ATO status, risks, and strategic decisions. Qualifications - Must have personally led or been deeply involved in achieving ATOs or DISA provisional authorizations. - 5+ years in information security, with significant time in government/DoD compliance. - Direct experience with RMF, NIST 800-53, DISA STIGs, and IL-4/IL-5/IL-6/IL-7 environments. - Track record of working closely with government ISSMs, AOs, to navigate and expedite bureaucratic processes. - Experience with XACTA, eMASS, or similar government accreditation platforms. - Deep understanding of classified network architectures (SIPR, JWICS). - Experience implementing RBAC, audit logging, and data classification systems. - Knowledge of cloud security in AWS GovCloud, Google Government, and Azure Government. - Familiarity with container security, Kubernetes/OpenShift in classified environments. - Understanding of cross-domain solutions and data transfer between classification levels. - Ability to navigate complex government processes and build relationships with government stakeholders. - Strong written communication for technical documentation and compliance artifacts. - Must hold an active U.S. TS Security clearance with SCI Eligibility. Benefits - Health, dental, and vision insurance. - Remote friendly with WeWork access. - Unlimited PTO, shared downtime during the federal holiday calendar, and company-wide off time at the end of each year. - 401(k) match. - Lifestyle & wellbeing stipends. - Salary top-up during military reserve duty. - Fully paid parental leave. - Child and pet care reimbursement during travel.

• Contribuer aux projets destinés à nos clients en France et à l’international • Intervenir sur l’ensemble du cycle de développement, de la conception jusqu’à la mise en production • Travailler sur les interfaces de communication et leur sécurisation • Pré-étude en lien avec le chef de projet • Définir ou faire évoluer les solutions de cybersécurité ainsi que l’architecture logicielle et matérielle • Analyse de risque cybersécurité • Définir la stratégie de tests de cybersécurité • Développer les nouvelles fonctionnalités cyber nécessaires • Concevoir les tests requis : tests unitaires, fonctionnels et d’intégration • Mettre en œuvre et utiliser les outils de CI/CD • Intégrer et tester les livrables sur cible embarquée • Participer à la conception de nouveaux produits • Réaliser des tests de pénétration sur nos produits

• Leads business and technical partners with expert knowledge of relevant security technologies. • Applies innovative techniques to address emerging technologies, specifically focusing on AI integration and modern cloud security paradigms. • Prepares and analyzes overall security architecture and detailed systems specifications for complex security systems • Serves as InfoSec Ambassador and lead technical representative to Infrastructure and Reliability and R&D as a whole. • Leads discussion with stakeholder teams regarding best practices in design and implementation of secure cloud systems • Leads initiatives designed to share knowledge across InfoSec, R&D, and Technology teams. • Identifies, recommends, coordinates, and delivers timely knowledge to support teams regarding technologies, processes or tools. • Develops and executes strategies to increase Cloud Security knowledge throughout the enterprise. • Represents Security Platform in development and implementation of the overall global enterprise cloud architecture • Designs, develops, and implements cloud-native architectures that will allow requirements to be met with appropriate security controls present.

• Own the RMF 'engine room' • Apply DoD cloud security policies and NIST SP 800-53 controls • Develop and maintain RMF artifacts • Execute POA&M management with discipline • Support security change governance activities • Conduct security engineering analysis for cloud-native workloads • Engineer evidence and control health • Integrate security into delivery pipelines • Assist with threat modeling and vulnerability assessments • Partner with system architects and developers to integrate security • Monitor, track, and report security compliance posture • Optimize and automate compliance operations