Platform Security Lead
Location
United States
Posted
40 days ago
Salary
$175K - $215K / year
Seniority
Senior
Job Description
Platform Security Lead
Defcon AI
• Define and execute the ATO pathway, including responsibility allocation across government and contractor teams • Author and maintain RMF documentation (SSP, SAP, SCTM, ConMon) in accordance with DoDI 8510.01 and NIST 800-53 • Coordinate with eMASS and Authorizing Officials on assessment and authorization activities • Lead continuous monitoring and reauthorization efforts across the system lifecycle • Define security requirements for cross-domain data flows (IL-5, IL-6, tactical edge) • Evaluate and guide selection of DoD-approved cross-domain solutions • Ensure classification-aware data segmentation is enforceable, auditable, and aligned with policy (e.g., NOFORN, REL_TO, ORCON) • Review system architecture to ensure compliant handling of classified data flows • Support secure operation across NIPR, SIPR, and higher classification environments • Define authorization approaches (inheritance vs. standalone ATOs) across enclaves • Ensure security posture scales without requiring fundamentally different architectures • Serve as the authoritative internal resource for DoD security and RMF-related questions • Advise on container security, RBAC, service mesh security, PKI/CAC integration, and secrets management • Define expectations for security scanning, container hardening, and vulnerability management (without owning the pipeline) • Evaluate new capabilities for security and authorization impacts prior to production deployment
Job Requirements
- 10+ years of information assurance or security engineering experience with increasing seniority
- 5+ years of hands-on ownership of RMF / ATO packages for DoD production systems, including at least one full authorization cycle (categorization → controls → implementation → assessment → authorization → ConMon)
- Deep familiarity with DoD security frameworks, RMF processes, and NIST 800-53 controls
- Proven ability to operate in complex, multi-enclave or classified environment
- US Citizenship Required
- Active Secret Clearance
- Willing to travel up to 25% for business needs
Benefits
- A fully remote, results-based environment
- Competitive salary, bonus, and equity package
- 100% employer paid, comprehensive health insurance including medical, dental, and vision for you and your family
- Unlimited PTO, with your manager’s approval
- Flexible work environment where you manage your work day
- 14 weeks of fully-paid parental leave
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Define and execute the ATO pathway, including responsibility allocation across government and contractor teams • Author and maintain RMF documentation (SSP, SAP, SCTM, ConMon) in accordance with DoDI 8510.01 and NIST 800-53 • Coordinate with eMASS and Authorizing Officials on assessment and authorization activities • Lead continuous monitoring and reauthorization efforts across the system lifecycle • Define security requirements for cross-domain data flows (IL-5, IL-6, tactical edge) • Evaluate and guide selection of DoD-approved cross-domain solutions • Ensure classification-aware data segmentation is enforceable, auditable, and aligned with policy (e.g., NOFORN, REL_TO, ORCON) • Review system architecture to ensure compliant handling of classified data flows • Support secure operation across NIPR, SIPR, and higher classification environments • Define authorization approaches (inheritance vs. standalone ATOs) across enclaves • Maintain alignment with evolving joint and service-level security requirements
Lead Security Engineer
PipePipe has built the world’s first trading platform to help founders access the capital they need to grow on their terms.
• Review and help design robust security standards and monitoring • Maintain and improve our policy-as-code platform to enable rapid detection and response • Work closely with our Infrastructure team to ensure cloud-based deployments have proper monitoring and adhere to our policies • Manage SOC II audits, set a high standard for compliant software and processes, and ensure we consistently meet those standards • Participate in on-call rotation to support critical security issues • Own the vulnerability disclosure program and triage inbound reports to security@ • Run periodic tabletop exercises and incident response drills • Maintain security policies and lead recurring reviews (e.g., firewall changes, security reviews) • Lead responses to partner and customer security questionnaires • Maintain the security risk register, track remediation, and produce periodic security metrics for leadership
• Manage user identities, roles, and access rights across IAM platforms and Active Directory. • Handle ServiceNow tickets related to IAM access requests, incidents, and changes. • Provision, modify, and deprovision access in IAM tools, systems, and local servers. • Provide administrative support including account unlocks, password resets, and remote access provisioning. • Act as last-level support for ATA-operated IAM solutions. • Collaborate closely with IAM operations teams, stakeholders, and customers. • Prepare and deliver weekly and monthly IAM service status reports. • Support internal and external audits by providing evidence and representing the IAM administration team.
Senior Risk Consultant – Digital Risk, Application Security
EYBuilding a #BetterWorkingWorld by providing trust through assurance and helping organizations grow, transform & operate.
• Conduct application security assessments to identify and mitigate potential security risks. • Analyse software systems to identify potential threats and vulnerabilities. • Create and maintain threat models that outline potential attack vectors. • Collaborate with development teams to remediate identified vulnerabilities. • Validate threat models against industry standards. • Document findings from threat modelling assessments. • Review code written by developers to identify security flaws. • Perform various security tests, including SAST and DAST. • Provide technical guidance for application onboarding activities. • Work closely with development teams, product managers, and other stakeholders to gather information. • Design and implement process improvements for the Application Security program.



