Solving complex Public Sector Use cases using emerging technologies - SBIR Phase III Awardee
Cybersecurity Engineer
Location
United States
Posted
1 day ago
Salary
0
Seniority
Senior
Job Description
Cybersecurity Engineer
VivSoft
• Manage overall platform security to meet/exceed stakeholder cybersecurity expectations • Design and implement security architectures, controls, and technologies for government systems • Lead vulnerability assessment, penetration testing support, and security engineering reviews • Develop and maintain security documentation (SSPs, POA&Ms, etc.) for ATO packages • Support Risk Management Framework (RMF) implementation and continuous monitoring programs • Implement Zero Trust, identity management, and endpoint security solutions • Respond to security incidents, conduct forensic analysis, and coordinate remediation • Provide security guidance to development and infrastructure teams
Job Requirements
- Active U.S. Government Secret clearance.
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.
- Demonstrated experience as ISSO or Security Engineer on a DoD IL-4 or IL-5 ATO, SSP authoring, POA&M management, and continuous monitoring
- Working knowledge of NIST SP 800; experience with control inheritance from FedRAMP-authorized platforms
- Hands-on experience with security tooling (SIEM, IDS/IPS, EDR, vulnerability management)
- CompTIA Security+, CISSP, or CISM
Benefits
- Comprehensive Medical, Dental, and Vision Plans (Healthcare benefits are 100% employer-paid for employees only)
- Life Insurance
- Paid Time Off (Flexible/Combined PTO, Bereavement Leave, 11 Company Paid Holidays)
- 401K Retirement Plan with employer match
- Professional Development Training Reimbursement.
- Flexible/remote work schedules.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• executing the design, building, testing, and implementation of security systems across our environment • working closely with other members of the Information Security team to identify potential threats and vulnerabilities and develop strategies and solutions to mitigate these risks • securing the end-user device estate and the mobile platforms through which the enterprise increasingly operates • contributing to our overall information security strategy • define and evaluate security architecture for the end-user device estate • advise on mobility security • perform Security Architecture Reviews • deliver Security Architecture Consulting engagements with business partners • provide Risk Evidence Review on request • plan, design, build, and implement enterprise security architecture • evaluate security technologies and controls across the environment • identify and communicate current and emerging security threats and risks • help develop solutions that balance information security needs with the needs of the business • be fluent with AI concepts and incorporate AI into your daily workflows • create reusable security-architecture artifacts • support training and mentorship of more junior employees
Red Team Engineer – Offensive Security Lead
Authentic8The Silo Web Isolation Platform from Authentic8 enables anyone, anywhere, on any device to utilize the web without risk.
• Design, build, and operate an AI-augmented red teaming harness using frontier LLM APIs. • Implement a control loop architecture (Plan | Act | Observe | Adjust) for autonomous and semi-autonomous vulnerability discovery. • Integrate the harness with purpose-built SBOM tooling (Endor Labs), CVE monitoring feeds (NVD, OSV.dev, EPSS/KEV, GitHub Advisory Database, and vendor-specific bulletins), and our CI/CD pipeline (Snyk, SonarQube). • Conduct adversarial testing across four attack perspectives: (Internal source code, External unauthenticated adversary, Internal authenticated user, and Internal unprivileged adversary) • Chain findings identify exploitable paths and corresponding vulnerabilities. • Validate and prioritize findings using CVSS, EPSS, and KEV context before handing off to the patch management pipeline. • Support the development and day-to-day operation of Authentic8's internal Bug Bounty Program. • Collaborate with engineering on custom mitigation decisions when vendor patches are unavailable. • Assume ownership of security stage-gates within our CI/CD pipeline, integrating Snyk, SonarQube, and harness findings into the build process. • Work alongside the SOC Lead on CVE monitoring, alerting, and vulnerability prioritization workflows. • Partner with DevSecOps Engineers on harness architecture and pipeline integration. • Provide technical input to the Integrated Operations Center on detection use case design for our SIEM. • Regularly brief the VP of Information Security on findings, program health, and checkpoint criteria.
Role Description We are seeking a highly skilled and experienced Information Systems Security Officer (ISSO) - Senior to join our team. In this critical role, you will be responsible for executing the full RMF lifecycle across all information systems and applications, leading security assessment activities with the goal of maintaining a 100% Authority to Operate (ATO) status. As a senior leader, you will ensure the rigorous application of cybersecurity policies, manage system remediation efforts, design critical contingency plans, and champion cybersecurity awareness across the organization. Qualifications - Bachelor’s Degree (BA/BS) OR equivalent verifiable work experience - Six (6) years of progressive experience in information assurance, cybersecurity engineering, or ISSO/ISSM roles. Requirements - Must be a U.S. citizen (no dual citizenship). - Ability to pass a background investigation. - Able to obtain and maintain DHS Suitability/Entry on Duty (EOD). - High level of attention to detail and strong organizational skills. - Strong leadership and project management capabilities to drive remediation actions and manage inspection timelines. - Excellent communication and presentation skills, with a proven ability to draft technical status reports and confidently brief clients and senior stakeholders. Position Responsibilities - Security Program Oversight & Leadership - Policy Application: Ensure the rigorous application of cybersecurity policies, principles, and practices in the delivery of all IT cybersecurity services. - Operational Posture: Develop and implement programs as required to ensure that systems, networks, and data users are aware of, understand, and adhere to systems cybersecurity policies and procedures. - Resilience Planning: Develop system security contingency plans and disaster recovery plans to ensure organizational resilience. - Strategic Advisory & Risk Management - Executive & Client Consultation: Help conduct the appropriate remediation actions associated with findings from inspections and evaluations, generate status reports, and brief clients on the security health of information systems or programs. - Risk Management Framework (RMF) Expertise: Provide subject matter expertise and knowledge of RMF to perform Risk Management Framework activities for all information systems and applications. - Operations & Controls: Follow RMF to identify, implement, assess, and manage cybersecurity capabilities and services, expressed as security controls, and authorizing the operation of an information system. - Assessments, Audits, & Compliance - Authorization Support: Lead the security assessment and authorization activities for information systems, maintaining 100% ATO status. - Audit Readiness: Lead cybersecurity-related audits, inspections, assessments, operations, and orders processing. - Standards Alignment: Ensure information systems comply with client requirements and industry standards. - Technical Areas of Expertise - Deep subject matter expertise and advanced knowledge of RMF and NIST security controls. - Proven track record of leading systems successfully through the assessment and authorization process to secure and maintain a 100% ATO status. - Demonstrated experience authoring enterprise-level documentation, including Contingency Plans and Disaster Recovery Plans. - Experience coordinating and leading responses to formal cybersecurity audits, technical inspections, and orders processing. Benefits - Competitive salaries - Full health insurance - Generous time off - Observation of federal holidays - Reimbursement for courses, exams, and tuition Salary Range: $110,000-$125,000
Role Description Avint is seeking a highly motivated Senior Security Controls Assessor (SCA) in support of a critical federal contract. The Senior SCA is a subject matter expert responsible for executing comprehensive, independent assessments of the organization’s most complex information systems, applications, and cloud infrastructures. Operating as a senior-level individual contributor, this role focuses on verifying the implementation, correctness, and effectiveness of technical, operational, and management security controls. The Senior SCA handles the most complex, critical, or sensitive system assessments, serving as a technical mentor to junior assessors and a primary technical advisor to system owners during the Risk Management Framework (RMF) lifecycle. Qualifications - Bachelor’s degree (BS/BA) OR equivalent professional experience. - Security+; higher certifications such as CISSP, CAP, or CASP desired. - Minimum of 8-10 years of dedicated experience in cybersecurity, information assurance, or IT auditing. - At least six (6) years of dedicated experience performing hands-on security controls assessments of the most complex (C4) systems. Requirements - Must be a U.S. citizen (no dual citizenship). - Ability to pass a background investigation. - Able to obtain and maintain DHS Suitability/Entry on Duty (EOD). Soft Skills - Strong analytical, critical thinking, and problem-solving skills with a high level of technical professional skepticism. - Excellent technical writing skills, with the ability to clearly document complex technical findings and defend assessment results to stakeholders. - Exceptional interpersonal and diplomatic skills, allowing for productive collaboration with system administrators, developers, and management. Position Responsibilities - Security Assessment and Validation - Lead comprehensive security control assessments of complex information systems using interview, examination, and testing methods. - Verify compliance with established frameworks such as NIST SP 800-37, NIST SP 800-53, NIST SP 800-171, FISMA, and/or FedRAMP, depending on organizational requirements. - Analyze system architectures, network diagrams, configuration settings, and policies to identify vulnerabilities and compliance gaps. - Review vulnerability scanning results (e.g., Nessus, Qualys) and penetration testing reports to validate the implementation of technical controls. - Technical Mentorship and Quality Assurance - Act as a senior technical escalation point and mentor for mid- and junior-level Security Controls Assessors on the team. - Perform peer reviews of assessment documentation, test results, and reports generated by other team members to ensure technical accuracy and consistency. - Support the SCA Team Lead in defining, refining, and standardizing assessment methodologies, testing procedures, and reporting templates. - Reporting and Risk Management - Author, review, and finalize high-quality Security Assessment Reports (SAR) detailing assessment findings, risks, and recommended remediations. - Present assessment findings and risk postures to Authorizing Officials (AO), system owners, and other stakeholders in clear, actionable terms. - Assist system owners in the development of realistic Plans of Action and Milestones (POA&M) to remediate identified deficiencies. - Collaborate with the Risk Management team to ensure assessment data accurately informs the organization’s continuous monitoring strategy. - Continuous Improvement and Strategy - Stay current on emerging cyber threats, vulnerabilities, regulatory changes, and assessment techniques. - Identify opportunities to automate assessment processes and integrate modern tooling into the assessment lifecycle. - Participate in the development and refinement of enterprise information security policies, standards, and guidelines. - Technical Areas of Expertise - Advanced knowledge of security control frameworks (specifically NIST SP 800-53, NIST SP 800-37, and NIST SP 800-171). - Familiarity with cloud security concepts (AWS, Azure, Google Cloud) and cloud compliance frameworks (FedRAMP). - Knowledge of operating system security, network protocols, access control mechanisms, and vulnerability management tools. Benefits - Competitive salaries. - Full health insurance. - Generous time off and observation of federal holidays. - Reimbursement for courses, exams, and tuition for professional development. Salary Range $125,000-$141,000



