Jobs · Information Technology · Maryland

Lead Security Engineer

Dev Technology Group, Inc. · Suitland, MD · 1 wk ago
On-siteInformation Technology$120k–$190k/yrFull-time

What You'll be Doing

  • Lead the design and implementation of application security solutions, frameworks, and processes across all phases of the SDLC
  • Implement Zero Trust (ZT) principles for applications, workloads, and data, aligned with EO 14028, OMB M-22-09, and NIST SP 800-207 (Zero Trust Architecture)
  • Integrate security into DevSecOps CI/CD pipelines, establishing security gates, automated code inspection, and supply-chain controls, including Software Bill of Materials (SBOM) generation
  • Direct Static and Dynamic Application Security Testing (SAST/DAST), vulnerability assessments, and penetration testing to identify, triage, and remediate security weaknesses
  • Lead threat modeling exercises to analyze application architecture, identify attack vectors, and document mitigation strategies throughout design, development, testing, and deployment
  • Support the Authorization to Operate (ATO) process, including security control assessment, artifact and evidence collection, Privacy Threshold Analysis/Privacy Impact Assessment support, and Plan of Action and Milestones (POA&M) management
  • Implement security controls in accordance with the NIST Cybersecurity Framework and NIST SP 800-53, and remediate identified vulnerabilities and compliance findings
  • Design and implement secure architecture patterns — secure API design, authentication/authorization, input validation, encryption, secure logging and monitoring (SIEM), and secure error/session/configuration management
  • Develop and maintain metrics, dashboards, and reporting to track application security posture, threat trends, and remediation progress over time
  • Support the development and management of Interagency Security Agreements (ISA), security playbooks, and incident response in accordance with current cybersecurity policies
  • Collaborate with application developers, data engineers, systems engineers, and OIS to identify and mitigate vulnerabilities, and provide expert security consultation to development teams
  • Assist in FedRAMP certification activities and the assessment/remediation of independent penetration testing results, as applicable

Required Education, Experience, and Skills

  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field
  • 15+ years of relevant IT/cybersecurity experience, providing technical and management leadership on major tasks or technology assignments (SME level)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Demonstrated expertise in integrating security into a DevSecOps SDLC, including CI/CD security gates and automated security testing
  • Hands-on experience implementing Zero Trust Architecture and applying NIST SP 800-53 controls and the NIST Cybersecurity Framework
  • Proven experience leading vulnerability assessments, penetration testing, and threat modeling for enterprise applications
  • Experience supporting the ATO lifecycle and managing POA&Ms, security artifacts, and evidence collection
  • U.S. Citizenship required

Preferred Skills and Experience

  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Experience generating Software Bill of Materials (SBOMs) and implementing software supply-chain security controls
  • Familiarity with SIEM deployment, container/image hardening, and secure baseline configuration
  • Experience in large-scale, multi-cloud federal environments and FedRAMP processes
  • Strong analytical, problem-solving, written, and verbal communication skills, including the ability to brief senior Government stakeholders

Similar jobs

Lead Security Engineer

Harmonia Holdings Group, LLCMcLean, VA· 4 days ago
Information Technology$126k/yrapply on ajax.googleapis.com

Lead Security Engineer

GE VernovaWilmington, NC· 6 days ago
Information Technology$86k–$164k/yrapply on careers.gevernova.com

Lead Security Engineer

Hinge HealthUnited States· 3 wk ago
RemoteInformation Technology$239k–$263k/yrapply on jobs.ashbyhq.com

Lead Security Engineer

AssetMarkAtlanta, GA· 1 wk ago
Information Technology$115k–$135k/yrapply on assetmark.wd5.myworkdayjobs.com