Lead Security Engineer

Location: Rockville, MD

Work Type: Hybrid Work (Minimum 2 days onsite - may extend based on client meetings, delivery needs, and proposal support)

Job Title: Lead Security Engineer

Clearance: Public Trust

Job Summary: LCG is seeking a Lead Security Engineer will provide senior-level enterprise security engineering, architecture, and cloud security expertise in support of Client's OMTO/DTM Cybersecurity and Management Support. Under the guidance of the HHS CIO, CISO, and SAOP, this role designs and implements security solutions across on-premise and cloud environments, supports security tool operations and integration, ensures environments meet HHS security requirements, and provides expert remediation guidance to address vulnerabilities and security gaps.

Engineer and Implement Enterprise Security Solutions

• Design, engineer, and deploy security capabilities across enterprise systems to strengthen confidentiality, integrity, and availability of SAMHSA information resources.
• Analyze current environments and recommend the best security technology deployment strategies to address operational needs, compliance mandates, and evolving threats.
• Conduct gap analysis on security infrastructure across on-premise and cloud environments, identify weaknesses, and recommend improvements aligned with federal best practices.

Vulnerability & Security Gap Remediation Support

• Provide technical solutions and engineering recommendations to address vulnerability findings, configuration weaknesses, and security control gaps uncovered through internal/external scanning and assessments.
• Support remediation validation by reviewing vulnerability evidence, confirming mitigation actions, and ensuring risk is reduced to acceptable levels per program expectations.

Secure SDLC Support & Dev Sec Ops  / CI-CD Security Alignment

• Collaborate with developers, system engineers, and project teams to identify required protections throughout the system lifecycle and ensure projects integrate required security standards into development.
• Provide technical guidance on what engineering changes, patterns, and workflows are needed to satisfy HHS security requirements during development, modernization, and sustainment.
• Support the agency goal of adopting a Dev Sec Ops  model by helping define security strategies/capabilities and aligning security engineering controls with modern delivery pipelines.
• Collaborate with infrastructure teams to integrate security requirements into CI/CD pipelines and automation strategies for on-prem and cloud environments.

Evaluate Security Tools and Integration Options

• Evaluate security technologies and tool capabilities, determine integration approaches, and create technical recommendations and implementation plans for deployment.
• Analyze HHS design requirements and ensure Client systems meet required enterprise security architecture expectations.

Security Tools Operations & Maintenance Support (Engineering Lead)

• Provide technical expertise for configuration, operations, and lifecycle maintenance of security tools and platforms, including upgrades/patching as needed.
• Coordinate with SAMHSA infrastructure teams and/or vendors to troubleshoot tool outages or failures impacting security monitoring and protection services.
• Support contractor team readiness through knowledge-sharing/training expectations to ensure security tooling can be operated and sustained effectively.

Support CDM Integration and Federal/HHS Mandated Capabilities

• Support integration of Continuous Diagnostics and Mitigation (CDM) capabilities into Client's security architecture and ensure reporting readiness for the HHS CDM dashboard.
• Provide technical expertise to meet federal and HHS directed security capability integration requirements as Client implements mandated security services.

Education: Bachelor's degree in a relevant field discipline ( i.e. Cybersecurity / Information Assurance, or Computer Science, or Information Technology / Information Systems, or Computer Engineering / Systems Engineering, or Network Engineering / Telecommunications)

Certification: CISSP or CAP or CEH or Security+

Experience:

• 8+ years of experience in enterprise security architecture, security engineering, and/or system administration supporting complex enterprise environments.
• 2-3 years of direct cloud security experience supporting cloud-hosted systems and security control implementation (IaaS/PaaS/SaaS).
• Experience assessing enterprise environments to determine security gaps and selecting the best deployment approach for security technologies.
• Experience providing remediation guidance for vulnerability findings and supporting secure development and modernization activities.
• Experience supporting CDM integrations and security reporting readiness.
• Experience working closely with engineering teams in a Dev Ops/Dev Sec Ops  environment and supporting CI/CD pipeline security integrations.

The Lead Security Engineer is expected to support security engineering…