Security Engineer

Job Description

We are seeking skilled Security Engineers to support a civilian federal agency by engineering, implementing, and operating enterprise and cloud security controls. The role will leverage your skills in identity-centric security, Zero Trust Architecture, and public key–based authentication, while also supporting vulnerability management, patching, incident response, and federal compliance requirements.

• Implement, and operate ICAM solutions, including identity lifecycle management, authentication, authorization, and access governance.
• Implement Zero Trust Architecture in alignment with NIST SP 800-207, emphasizing continuous verification, least privilege, and identity-based access.
• Deploy and support SASE / SSE capabilities, including ZTNA, Secure Web Gateway, CASB, and Firewall-as-a-Service.
• Support PIV smart card and certificate-based authentication across users, device, application, and cloud environments.
• Operate, and maintain PKI and certificate management services, including certificate issuance, renewal, revocation, and automation.
• Engineer and secure cloud environments (AWS, Azure, or GCP), focusing on identity, networking, logging, and secure configurations.
• Perform vulnerability scanning, risk prioritization, and coordination of remediation activities.
• Support patch management efforts by validating system configurations and verifying remediation of security findings.
• Monitor security and identity events using SIEM and related tools; investigate and respond to security incidents.
• Participate in incident response activities, including alert triage, investigation, containment, eradication, and recovery.
• Develop and maintain incident response playbooks, runbooks, and post-incident documentation.
• Develop and maintain security engineering documentation, standards, and operational runbooks.
• Collaborate with IT, cloud, and application teams to integrate security controls into system designs and CICD pipelines.
• Provide compliance and audit support, including technical evidence for ATO, continuous monitoring, and remediation activities.

• Proven experience in identifying and remediating vulnerabilities in both Linux and Windows environments with a strong understanding of compliance requirements.
• Strong understanding of cloud security frameworks and best practices, including NIST, CIS, and ISO 27001.
• Proficiency in using security tools such as Nessus, ORCA, AWS Security Hub, Azure Security Center, Google Cloud Security Command Center, and other vulnerability scanning tools.
• Familiarity with Red Hat Satellite server, WSUS, IBM Big Fix or other similar toolsets.
• Knowledge of scripting languages such as Python, Bash, Power Shell, Ansible for automation of security remediation tasks.
• Excellent problem‑solving skills and the ability to work under pressure in a fast‑paced environment.
• Strong communication and interpersonal skills, with the ability to explain complex security issues to technical and non‑technical stakeholders.

• Experience with IAM / ICAM platforms, identity federation (SAML, OAuth 2.0, OpenID Connect), and privileged access management.
• Hands‑on experience implementing Zero Trust and/or SASE/SSE solutions.
• Strong knowledge of PIV/CAC, MFA, and certificate‑based authentication.
• Practical experience with PKI, X.509 certificates, CRLs/OCSP, TLS, and key management.
• Experience securing cloud environments and integrating identity‑centric controls.
• Knowledge of vulnerability management and patch management processes and tools.
• Familiarity with NIST SP 800‑53, 800‑63, and 800‑207, and FISMA requirements.
• Ability to automate security and certificate lifecycle tasks using scripting tools.
• Strong written and verbal communication skills.
• Desire to work in a SAFe environment to support efficient delivery.

• Must be able to obtain public trust prior to starting work.
• Excellent interpersonal and communication skills, both written and verbal.
• Commitment to following stringent security protocols.
• Well‑organized, with a high level of attention to detail and the ability to prioritize tasks.

• Bachelor’s degree in computer science, Information Technology.

All your information will be kept confidential according to EEO guidelines.