GovCIO logo
GovCIO

GovCIO is a service-disabled-veteran-owned small business (SDVOSB) that offers technology services to improve business performance for government organizations.

Sr. Security Engineer

Location

United States

Posted

3 days ago

Salary

$175K - $200K / year

Seniority

Senior

Job Description

Sr. Security Engineer

GovCIO

Role Description GovCIO is hiring a Senior Security Engineer to support the Department of Veterans Affairs (VA) Data Modernization initiative with a focus on VA environment vulnerability remediation. The Senior Security Engineer will provide expert guidance on cloud security, deliver surge support for data ingestion needs, and help customers efficiently navigate the Security Impact Analysis (SIA) process. This role is critical to enabling secure, rapid, and scalable access to VA cloud environments. This position is fully remote within the United States. - Performs advanced vulnerability identification, analysis, and remediation across UNIX/Linux systems (UNIX, RedHat Enterprise Linux, Ubuntu), VMware infrastructures, and containerized workloads (Docker, Kubernetes, AWS EKS). - Apply security engineering best practices to cloud environments in AWS (EC2, IAM, VPC, S3, ECR, ES) and Azure (Key Vaults, Storage Accounts, Databricks), ensuring secure configurations, compliance alignment, and mitigation of risks across application, infrastructure, and data layers using shell scripting, secure baselining, and automated remediation approaches. - Provide end‑to‑end security support for all aspects of the Data Modernization effort, including secure workspace provisioning, access configurations, and governance controls. - Deliver surge support to help customers ingest additional datasets securely, ensuring compliance with VA security and privacy requirements. - Guide users through the Security Impact Analysis (SIA) process, ensuring documentation accuracy, risk identification, and alignment with VA security standards. - Collaborate with intake, provisioning, and data engineering teams to ensure security requirements are integrated into automated workflows and common use‑case configurations. - Review and validate security controls for pre‑created workspaces, including service principals, role-based access configurations, linked services, and data access pathways. - Support the rapid provisioning goal by ensuring security checkpoints are met for DevTest and Production environments within required SLAs (1–2 days when applicable). - Act as a security advisor to customers, helping them understand cloud-native tools, data governance policies, and best practices for secure analytics development. - Coordinate with Databricks SMEs, CDW data teams, and VHA Data Lake stewards to validate security configurations and ensure secure data connectivity. - Maintain and update security documentation, standard operating procedures, security architecture diagrams, and onboarding guidance. - Support the “single front door” customer experience by contributing security-focused content related to onboarding, platform policies, and data access procedures. - Help identify blockers that slow security review steps during provisioning and recommend enhancements to streamline approval workflows. Qualifications - Bachelor’s degree plus 12 years experience in Cybersecurity, Information Technology, Computer Science, or a related field (or commensurate experience). - Experience in security engineering, cloud security, or cybersecurity compliance roles. - Strong understanding of security frameworks such as NIST, RMF, FedRAMP, or similar governance models. - Experience conducting or supporting Security Impact Analyses (SIA), risk assessments, or security authorizations. - Proficiency with Azure cloud security tools, identity and access management (IAM), service principals, and role-based access controls. - Ability to work with cross-functional teams and communicate security requirements to both technical and non‑technical audiences. - Strong analytical, problem-solving, and communication skills. Requirements - Expertise: UNIX, RedHat Enterprise Linux, Ubuntu, VMware, AWS (EC2, IAM, VPC, S3, ECR, ES), Azure (Azure Resource provisioning, Databricks, key vaults, storage accounts), ADF, Synapse, Azure DevOps, Github, IBM Rationale tools suite, Cockroach DB, Docker, Kubernetes, AWS EKS (Elastic Kubernetes Service), Shell, Terraform, Cloud Migration and Application development. - Experience supporting federal government environments, ideally within the Department of Veterans Affairs or healthcare-related systems. - Familiarity with Databricks security models, data lake access controls, and secure data ingestion processes. - Experience with automated provisioning workflows, intake systems, or customer enablement platforms. - Working knowledge of ServiceNow, Jira, SharePoint, or similar platforms used for workflow and ticketing. - Understanding of cloud data architectures, including data warehouse provisioning, linked services, and data pipeline security. - Certifications such as Security+, CISSP, CCSP, Azure Security Engineer, or equivalent. Clearance Required - Ability to obtain and maintain a suitability/Public Trust. Posted Salary Range USD $175,000.00 - USD $200,000.00 /Yr.

Related Categories

Related Job Pages

More Security Engineer Jobs

Student Choice logo

VP of Information Security

Student Choice

Comprehensive college planning, funding, and refinance solutions for credit unions.

Full TimeRemoteTeam 51-200Since 2008H1B No Sponsor

• Manage and maintain a risk-based, right-sized security program aligned to business priorities • Manage security controls that balance protection, usability, and system performance • Translate risk into clear, actionable decisions for leadership • Working with our vendors, ensure systems are architected with: o Strong identity and access controls o Secure configurations o High availability and resilience • Partner with MSP and IT to build secure, scalable, and fault-tolerant systems • Promote infrastructure consistency and automation • Manage and enhance monitoring, logging, and alerting across all platforms • Define and track key security and reliability metrics, such as: o Incident detection and response times o Vulnerability remediation timelines o System availability and performance • Improve visibility into system behavior to support faster, more effective decision-making • Lead all aspects of incident response, including coordination with MSP, COO, and CIO • Conduct root cause analysis and implement corrective actions • Drive a culture of continuous improvement, reducing repeat incidents over time • Ensure systems and processes evolve based on lessons learned • Manage the MSP relationship, ensuring accountability and performance • Oversee: o Security monitoring o Alert triage and response o Vulnerability management o Desk top maintenance and issue resolution • Define SLAs and ensure operational effectiveness • Working with internal and external resources, lead SSAE 18 / SOC audits, including preparation and remediation coordination. • Maintain existing policies, standards, and documentation aligned to actual risk • Create new policies as identified • Co-Own business continuity and disaster recovery programs across the organization • Participate in testing and improvement recommendations • Assess and monitor third-party security posture • Integrate vendor risk into broader risk management practices • Work with and manage other vendor partners to ensure best security practices and successful audits. • Promote a practical, accountable security culture • Deliver targeted training and awareness programs to staff • Stay current on threats and evolving best practices

United States
$130K / year
New York Times Company logo

Executive Director, Newsroom Safety and Security

New York Times Company

Publisher of the internationally recognized daily newspaper, The New York Times , The New York Times Company is a global media organization whose mission is to

Title: Executive Director, Newsroom Safety & Security Location: New York, NY Job Description: The mission of The New York Times is to seek the truth and help people understand the world. That means independent journalism is at the heart of all we do as a company. It’s why we have a world-renowned newsroom that sends journalists to report on the ground from nearly 160 countries. It’s why we focus deeply on how our readers will experience our journalism, from print to audio to a world-class digital and app destination. And it’s why our business strategy centers on making journalism so good that it’s worth paying for. About the Role The New York Times is looking for an Executive Director for Newsroom Safety and Security. You will be responsible for executing and enhancing a strategy to address physical, online, and psychological safety risks faced by journalists and other newsroom staff operating in challenging environments worldwide. The role requires substantial understanding of newsgathering operations, proactive risk mitigation, rapid incident response, time-sensitive communication, and strong cross-functional collaboration. You will both provide direct support and lead a team responsible for delivering security services, leveraging internal resources and, where appropriate, security contractors. This is a critical leadership position where you will be supporting the safety and security of The New York Times Company's newsrooms and report directly to the Senior Vice President, Global Security. Responsibilities: Newsroom Security Operations: - Execute and enhance a tailored security and safety operational plan that reflects newsroom priorities, ongoing physical and digital threat monitoring and assessment, risk mitigation, and evolving industry practices, under the framework established by the SVP, Global Security. - Serve as the primary security partner to newsroom masthead and desk heads. Incident Management: - Lead and continually improve incident response protocols, preventive measures and operational guidelines for security and safety incidents affecting newsroom personnel and bureaus. - Coordinate rapid deployment of support, resources, and expert assistance for affected personnel, as needed. This includes providing direct support in critical situations and guiding the response of the team and contractors during potentially extended periods and outside regular business hours. Risk Assessment: - Provide expert security planning, risk assessments, and logistical support for journalists deploying to high-risk or challenging areas, partnering with newsroom leadership, legal and cybersecurity teams to integrate security and safety into editorial planning. - Develop and improve risk management tools and procedures. Security Awareness and Training: - Develop and implement expanded training curriculums for newsroom staff on a comprehensive range of physical and digital safety and security issues, working in collaboration with other departments. - Collaborate with the cybersecurity, legal, communications and other departments on preventive measures, incident plans, and training initiatives addressing physical and digital security threats. - Develop, oversee, and enhance programs that prioritize and support the psychological well-being of journalists and other newsroom staff, offering resources and coordinating access to professional support where appropriate. Staff Management and Development: - Develop and manage high-performing domestic and international newsroom security teams, fostering a culture of expertise, continuous improvement, and dedication to journalist safety. - Lead collaboration with other groups through a cross-functional operating model that includes cybersecurity, newsroom operations, legal, human resources, and communications, among others. Technology and Equipment: - Collaborate with internal stakeholders, including newsroom operations and enterprise technology, leverage technology and equipment to promote safety, including appropriate security equipment, secure communication tools, and tracking systems for personnel in the field. - Innovate and adapt security solutions to meet the evolving needs of a dynamic news organization. Intelligence Gathering and Analysis: - Work with colleagues in communications and cybersecurity, employ tools to monitor global security trends, open-source intelligence, and specific threats targeting the news organization, its journalists, or other personnel. - Provide timely, accurate, and actionable intelligence briefings to newsroom leadership and key editors to inform decision-making. - Demonstrate support and understanding of our value of journalistic independence and a strong commitment to our mission to seek the truth and help people understand the world. Basic Qualifications: - Bachelor's degree in a relevant field. - Minimum of 10+ years of progressive safety and security experience, with ideally at least 5-7 years focused on supporting journalists or personnel operating in high-risk, sensitive, or international environments. - Proven expertise in global risk assessment, threat mitigation, and complex incident management, including real-world experience with critical incidents involving personnel in the field and the ability to provide direct support during such events. - Strong understanding of the security challenges faced by journalists, including physical threats, digital harassment, and psychological safety. - Proven ability to develop, lead, and deliver specialized security and safety training programs for diverse audiences. - Excellent communication, interpersonal, and diplomatic skills, with the ability to build trust and rapport with journalists, senior leadership, security colleagues across the company, and external partners in challenging situations. - Experience collaborating with cybersecurity teams on converged threats. - Ability to travel as needed to support newsgathering operations and team oversight. Preferred Qualifications: - Master's degree or specialized certifications (e.g., hostile environment training, crisis management, protection professional) - Experience within a major news organization. REQ-020283 The annual base pay range for this role is between: $195,000 - $220,000 USD For roles in the U.S., dependent on your role, you may be eligible for variable pay, such as an annual bonus and restricted stock. Benefits may include medical, dental and vision benefits, Flexible Spending Accounts (F.S.A.s), a company-matching 401(k) plan, paid vacation, paid sick days, paid parental leave, tuition reimbursement and professional development programs. The New York Times Company is committed to being the world’s best source of independent, reliable and quality journalism. To do so, we embrace a diverse workforce that has a broad range of backgrounds and experiences across our ranks, at all levels of the organization. We encourage people from all backgrounds to apply. We are an Equal Opportunity Employer and do not discriminate on the basis of an individual's sex, age, race, color, creed, national origin, alienage, religion, marital status, pregnancy, sexual orientation or affectional preference, gender identity and expression, disability, genetic trait or predisposition, carrier status, citizenship, veteran or military status and other personal characteristics protected by law. All applications will receive consideration for employment without regard to legally protected characteristics. The U.S. Equal Employment Opportunity Commission (EEOC)’s Know Your Rights Poster is available here. The Company encourages those with criminal histories to apply, and will consider their applications in a manner consistent with applicable "Fair Chance" laws, including but not limited to the NYC Fair Chance Act, the Los Angeles Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act.

New York
$195K - $220K / year
Critical Software logo

Working Student (m/f/d) and Junior Cybersecurity Talent

Critical Software

Critical Software is proud to be a Benefit Corporation, committed to making a positive impact on society, workers, the community, and the environment, in addition to profit. We are an equal opportunity workplace and committed to allowing candidates with disabilities or neurodevelopmental conditions to prove their competencies to their full potential.

Role Description Du möchtest deine Karriere im Bereich Cybersecurity starten und an realen, sicherheitskritischen Systemen arbeiten? Wir suchen Studierende und Absolvent:innen, die unser Team verstärken und Cybersecurity-Aktivitäten in der Software- und Systementwicklung mitgestalten – mit Fokus auf zuverlässige Lösungen in der Bahntechnik. Qualifications - Laufendes oder kürzlich abgeschlossenes Studium mit Bezug zur Bahntechnik – idealerweise in Fahrzeugtechnik, Antriebssystemen, Bremstechnik, Bahnsicherheit oder nachhaltiger Schienenmobilität (z. B. ETCS). - Echte Motivation, dich im Bereich Cybersecurity weiterzuentwickeln – mit klarem Fokus auf die Bahnindustrie. Erfahrungen im Mobility-Umfeld sind ein Plus. - Erste Berührungspunkte mit generativer KI oder AI-gestützten Arbeitsweisen sind von Vorteil. - Teamgeist, Kommunikationsstärke und gute Englischkenntnisse in Wort und Schrift. Requirements - Unterstützung bei Cybersecurity-Analysen in Software- und Systemprojekten. - Mitarbeit bei der Umsetzung von Sicherheitsanforderungen. - Mitwirkung an technischer Dokumentation und Sicherheitskonzepten. Benefits - Ein modernes, AI-getriebenes Arbeitsumfeld in einem Unternehmen mit starker Software-Engineering-Kultur und Spezialisierung auf sicherheitskritische Systeme. - Strukturierter Berufseinstieg im Bereich Cybersecurity. - Mentoring durch erfahrene Kolleg:innen und Cybersecurity-Expert:innen direkt in Projekten. - Weiterbildungs- und Zertifizierungsmöglichkeiten. - Zusammenarbeit in internationalen, standortübergreifenden Teams in Portugal, England und Deutschland.

Germany
Fresenius Medical Care logo

Cybersecurity Business Analyst

Fresenius Medical Care

Creating a future worth living. For patients. Worldwide. Every day.

Full TimeRemoteTeam 10,001+Since 1996H1B Sponsor

Title: Cybersecurity Business Analyst Location: Waltham United States Job Description: Address: Headquarters, 920 Winter St, Waltham, Massachusetts, 02451, United States of America Job ID: R0256994 Location Type: Remote Job Description PRINCIPAL DUTIES AND RESPONSIBILITIES: - Work closely with engineering, operations, and security specialists to ensure adequate security solutions and controls are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements. - Assess and understand the organization’s current security posture and future architecture requirements, providing recommendations for improvement and risk reduction. - Ensures implemented solutions support cybersecurity architecture objectives (availability, scalability, performance, security, etc.), as appropriate, and monitors implementation activities to ensure architecture and design principles are upheld. - Supports the implementation of technical artifacts (frameworks, standards, and repeatable patterns, etc.) that constitute the enterprise information security architecture and solutions and work with infrastructure teams to ensure adoption. - Serve as a security expert in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and security policies, industry regulations, and best practices. - Design security configuration guidelines for information technology devices and systems, as well as mechanisms for assessing compliance within those guidelines. - Participate in the design and implementation of a comprehensive Zero Trust Architecture framework to ensure the confidentiality, integrity, and availability of our systems and data. - Contribute the creation of security policies, access controls, and authentication mechanisms based on Zero Trust principles. - Evaluate existing network and security infrastructure, identify vulnerabilities, and recommend enhancements to align with Zero Trust principles. - Familiarity with OWASP, SANS Top 20 and prevention/remediation techniques and their implementation. - Ability to work in a group development environment as an application security engineer across software engineer, QA engineer and build/test/release engineer teams. - Experience in deploy/maintain/support/analyzing DAST/SAST scan result - Manage the tactical execution of short- and long-term objectives through the coordination of activities with a direct responsibility for results, including costs, methods, and staffing. PHYSICAL DEMANDS AND WORKING CONDITIONS: - The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. SUPERVISION: - None EDUCATION: - Bachelor's degree in management information systems, Computer Science, or business/science related field required. EXPERIENCE AND REQUIRED SKILLS: - 6-10 years of experience working with internal/external audits or risk management - methods and techniques for the assessment and management of risk. - Familiar with the management, operational, and technical aspects of IT Security in a complex enterprise environment. Additional experience in cyber risk management and assessments will be considered. - Strong understanding of network architecture, protocols, and security technologies. - Familiarity with cloud computing platforms, such as AWS, Azure, or Google Cloud, and their associated security services. - Proficiency in security frameworks and standards, such as ISO 27001, NIST, and CIS. - Ability to operate as a pro-active and result-driven problem solver with excellent analytical and interpersonal skills. - Ability to understand IT processes, management objectives risk appetite and tolerances and impact of objectives, of changes to risk profiles. - CISA, CISSP, CRISC, or other relevant certification(s) desired. - Strong client services orientation and communication skills coupled with a high sense of urgency to keep appropriate partners informed, including solutions to overcome obstacles to deliver to expectation. - Experience in IT governance, risk, and controls, including governance frameworks. - Demonstrated technical writing, communication, and presentation skills. - Ability to work effectively in a team environment. - Creativity in addressing technical challenges. - Proven record to deliver results. The rate of pay for this position will depend on the successful candidate’s work location and qualifications, including relevant education, work experience, skills, and competencies. Annual Rate: $137,000.00 - $229,000.00 Benefit Overview: This position offers a comprehensive benefits package including medical, dental, and vision insurance, a 401(k) with company match, paid time off, parental leave. Fresenius Medical Care is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sexual orientation, gender identity, parental status, national origin, age, disability, military service, or other non-merit-based factors

Massachusetts
$137K - $229K / year