Dev Technology logo
Dev Technology

Dev Technology is a growing IT company with an employee-centric culture that works on mission-critical projects for the federal government. We partner with our federal customers to deliver technology services and solutions, and to drive our client’s missions forward through innovation. We use Agile and DevSecOps principles to provide services including application development, biometrics and identity management, cloud and infrastructure optimization, IT and legacy modernization, and data management.

Lead Security Engineer

Security EngineerSecurity EngineerFull TimeRemoteLeadTeam 201-500

Location

United States

Posted

1 day ago

Salary

$120K - $190K / year

Seniority

Lead

Job Description

Lead Security Engineer

Dev Technology

Role Description We are seeking a Subject Matter Expert (SME)–level Lead Security Engineer to lead application security across a large-scale, cloud-native federal modernization program. This role provides technical and management leadership on major security tasks, embedding security into every phase of the System Development Life Cycle (SDLC) using a DevSecOps methodology. The ideal candidate will architect and enforce Zero Trust principles, drive Authorization to Operate (ATO) activities, and direct application security testing, threat modeling, and vulnerability remediation across a System of Systems (SoS). This position interfaces with senior Government stakeholders and the Office of Information Security (OIS), and decision-making and domain knowledge may have a critical impact on overall program implementation. May supervise others. - Lead the design and implementation of application security solutions, frameworks, and processes across all phases of the SDLC. - Implement Zero Trust (ZT) principles for applications, workloads, and data, aligned with EO 14028, OMB M-22-09, and NIST SP 800-207 (Zero Trust Architecture). - Integrate security into DevSecOps CI/CD pipelines, establishing security gates, automated code inspection, and supply-chain controls, including Software Bill of Materials (SBOM) generation. - Direct Static and Dynamic Application Security Testing (SAST/DAST), vulnerability assessments, and penetration testing to identify, triage, and remediate security weaknesses. - Lead threat modeling exercises to analyze application architecture, identify attack vectors, and document mitigation strategies throughout design, development, testing, and deployment. - Support the Authorization to Operate (ATO) process, including security control assessment, artifact and evidence collection, Privacy Threshold Analysis/Privacy Impact Assessment support, and Plan of Action and Milestones (POA&M) management. - Implement security controls in accordance with the NIST Cybersecurity Framework and NIST SP 800-53, and remediate identified vulnerabilities and compliance findings. - Design and implement secure architecture patterns — secure API design, authentication/authorization, input validation, encryption, secure logging and monitoring (SIEM), and secure error/session/configuration management. - Develop and maintain metrics, dashboards, and reporting to track application security posture, threat trends, and remediation progress over time. - Support the development and management of Interagency Security Agreements (ISA), security playbooks, and incident response in accordance with current cybersecurity policies. - Collaborate with application developers, data engineers, systems engineers, and OIS to identify and mitigate vulnerabilities, and provide expert security consultation to development teams. - Assist in FedRAMP certification activities and the assessment/remediation of independent penetration testing results, as applicable. Qualifications - Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field. - 15+ years of relevant IT/cybersecurity experience, providing technical and management leadership on major tasks or technology assignments (SME level). - Certified Information Systems Security Professional (CISSP). - Certified Cloud Security Professional (CCSP). - Demonstrated expertise in integrating security into a DevSecOps SDLC, including CI/CD security gates and automated security testing. - Hands-on experience implementing Zero Trust Architecture and applying NIST SP 800-53 controls and the NIST Cybersecurity Framework. - Proven experience leading vulnerability assessments, penetration testing, and threat modeling for enterprise applications. - Experience supporting the ATO lifecycle and managing POA&Ms, security artifacts, and evidence collection. - U.S. Citizenship required. Preferred Skills and Experience - Certified Information Security Manager (CISM). - Certified Information Systems Auditor (CISA). - Experience generating Software Bill of Materials (SBOMs) and implementing software supply-chain security controls. - Familiarity with SIEM deployment, container/image hardening, and secure baseline configuration. - Experience in large-scale, multi-cloud federal environments and FedRAMP processes. - Strong analytical, problem-solving, written, and verbal communication skills, including the ability to brief senior Government stakeholders. Benefits - Generous and flexible time-off policy. - Flexible work schedules and telework options, including remote work availability for eligible projects. - Career development opportunities including a mentorship program, technical and management training through Dev University, hands-on learning through DevLab, tuition reimbursement, and paid training opportunities. - Industry-leading benefits including a choice of two health plans that include dental and vision, flexible spending account, commuter benefits, life insurance, and more. - 401K matching with a 5% matching contribution. - Regular team and company social events including our annual party, happy hours, fitness challenges, and more. - A focus on community engagement including company-wide support activities, employer match for donations, and time off for volunteer efforts.

Related Categories

Related Job Pages

More Security Engineer Jobs

Block logo

Principal Security Engineer

Block

Block builds simple, powerful tools that make progress towards an economy that’s truly open to all.

Full TimeRemoteTeam 10,001+Since 1990H1B Sponsor

Role Description As a Principal Security Engineer focused on Software Security Engineering at Block, you will be a technical leader reporting to the CISO responsible for setting the bar for security excellence and driving the creation of innovative, world-class software solutions to complex security problems. You will work across Engineering and Information Security (InfoSec) to champion a "Secure by Design" culture, directly influencing the architecture of Block's core products and infrastructure. Your mandate is to provide deep technical expertise and strategic direction to ensure that security is enabling fast, secure innovation across the business. - Software Security Innovation: Deliver world-class and innovative software solutions to security problems, tackling Block's top risks such as technology fragmentation and security after-the-fact. - Technical Strategy & Architecture: Define the multi-year technical strategy for software security at Block, guiding architectural decisions and ensuring alignment with engineering best practices. - Cross-Cutting Solution Leadership: Identify and lead the development and implementation of common, high-leverage security solutions and infrastructure across Block's business units (Square, Cash App, TBD, etc.) to combat data sprawl and overpermissioning. - Drive engineering excellence: Specifically around security, for critical systems like tokenization platforms, ensuring integrity, performance, and scalability. - Spearhead the security strategy: And engineering excellence for mobile software and platforms across Block's product ecosystem. - Champion security reliability engineering: (SecRelEng) practices to improve the overall resilience and availability of security services and infrastructure. - Execution Excellence: Lead technical planning and implementation for high-priority security initiatives, acting as a technical decision maker/tie-breaker and upholding high technical standards. - Consultation & Guidance: Partner with engineering leaders to integrate security practices early into the development lifecycle (Secure SDLC) and provide security architecture review and threat modeling for critical systems. - Mentorship & Enablement: Foster technical excellence within InfoSec and mentor engineers on technical execution, system design, and technology choices, driving knowledge sharing and documentation. Qualifications - Track record of exemplary technical leadership and decision-making at a Principal or equivalent level (L8+ technical capabilities preferred). - 10+ years of experience developing and shipping production software and critical services, with a minimum of 5 years focused on establishing and scaling security practices in a large, modern technology environment. - Mastery of system design and architecture, with demonstrable experience solving ambiguous, domain-heavy problems by structuring the approach, clarifying scope, and driving clarity among stakeholders. - Deep technical understanding of security vulnerabilities, risks, countermeasures, and compensating controls, particularly in high-volume, real-time transaction processing environments. - Exceptional collaboration and communication skills, with proven ability to influence executive leadership and direct engineering teams in prioritizing security roadmap items to balance security and business risks. - Demonstrable ability to write production-quality code/script for security automation and tooling. Requirements - Experience leading and driving significant technical initiatives across multiple team, organizational and product boundaries. - Experience in the financial technology, payments, or cryptocurrency/bitcoin domain, reflecting Block's unique security characteristics. - Experience improving engineering standards and practices for security, and building systems to achieve sub-linear growth of security resources relative to the business (Design for Leverage, Not Coverage). Benefits - Remote work - Medical insurance - Flexible time off - Retirement savings plans - Modern family planning

California
$319K - $478.6K / year
BearCom logo

Physical Security – Traveling Associate Project Manager

BearCom

BearCom is North America’s largest provider & system integrator of wireless voice, video, & data solutions.

Full TimeRemoteTeam 1,001-5,000Since 1981H1B No Sponsor

• Coordinate project management activities, resources, equipment, and information • Segment projects into achievable actions and set timeframes for completion • Liaise with clients to identify and define requirements, scope, and objectives • Assign tasks to internal teams and assist with schedule management • Make sure that clients needs are met as projects evolve • Analyze risks and opportunities • Monitor project progress and manage issues that arise • Communicate project status to all stakeholders • Work with the team to eliminate blockers • Use tools to monitor working hours, plans and expenditures • Create and maintain comprehensive project documentation, plans and reports • Ensure standards and requirements are met through monitoring quality assurance and control activities • Create schedules and collect documents to orient and guide projects and outcomes • Communicate with stakeholders about scheduling, staffing, and technical requirements • Help with other projects/duties as needed

Louisiana + 2 moreAll locations: Louisiana | Tennessee | Texas
Full TimeRemoteTeam 1,001-5,000H1B No Sponsor

• Technical owner for the information security operations platform, responsible for the architecture, strategy, and sustaining controls for detection, incident response, vulnerability management, identity management, and perimeter governance. • Primary technical reference for the area, contributing to process maturity and the technical development of the team. • Architect, deploy, and direct the maintenance of an open-source-based SIEM platform, including data collection, normalization, event correlation, processing pipelines, and retention policies. • Develop and maintain detection use cases aligned with the MITRE ATT&CK framework, with continuous tuning to reduce false positives and increase detection effectiveness. • Strategically lead the corporate Vulnerability Management program, including risk-based prioritization, coordination of remediation with technology teams, and monitoring executive-level indicators. • Define and govern Identity and Access Management (IAM) processes: identity lifecycle, segregation of duties, RBAC, MFA, and periodic access reviews. • Govern policies and rules for Next-Generation Firewalls (NGFW): network segmentation, periodic rule reviews, and hardening. • Provide technical leadership for response to critical security incidents, supporting containment, forensic analysis, and coordination of remediation activities. • Implement and monitor hardening of environments based on recognized industry benchmarks (CIS Benchmarks). • Develop automations and integrations using tools and scripting languages to optimize team operations. • Prepare and maintain high-complexity technical documentation, standard operating procedures, security policies, and reference architectures. • Act as a mentor to team analysts, promoting knowledge transfer, technical culture, and operational continuity.

Brazil
Full TimeRemoteTeam 1,001-5,000Since 1979H1B Sponsor

• Protect the organization's digital assets • Deploy and manage security technologies like EDR and SIEM • Lead vulnerability and threat programs • Conduct threat hunting • Administer the SIEM platform • Respond to security incidents • Manage email security and DLP solutions

United States
$150K - $180K / year