Lead Security Engineer
Dev Technology Group, Inc. · Suitland, MD · 1 wk ago
On-siteInformation Technology$120k–$190k/yrFull-time
What You'll be Doing
- Lead the design and implementation of application security solutions, frameworks, and processes across all phases of the SDLC
- Implement Zero Trust (ZT) principles for applications, workloads, and data, aligned with EO 14028, OMB M-22-09, and NIST SP 800-207 (Zero Trust Architecture)
- Integrate security into DevSecOps CI/CD pipelines, establishing security gates, automated code inspection, and supply-chain controls, including Software Bill of Materials (SBOM) generation
- Direct Static and Dynamic Application Security Testing (SAST/DAST), vulnerability assessments, and penetration testing to identify, triage, and remediate security weaknesses
- Lead threat modeling exercises to analyze application architecture, identify attack vectors, and document mitigation strategies throughout design, development, testing, and deployment
- Support the Authorization to Operate (ATO) process, including security control assessment, artifact and evidence collection, Privacy Threshold Analysis/Privacy Impact Assessment support, and Plan of Action and Milestones (POA&M) management
- Implement security controls in accordance with the NIST Cybersecurity Framework and NIST SP 800-53, and remediate identified vulnerabilities and compliance findings
- Design and implement secure architecture patterns — secure API design, authentication/authorization, input validation, encryption, secure logging and monitoring (SIEM), and secure error/session/configuration management
- Develop and maintain metrics, dashboards, and reporting to track application security posture, threat trends, and remediation progress over time
- Support the development and management of Interagency Security Agreements (ISA), security playbooks, and incident response in accordance with current cybersecurity policies
- Collaborate with application developers, data engineers, systems engineers, and OIS to identify and mitigate vulnerabilities, and provide expert security consultation to development teams
- Assist in FedRAMP certification activities and the assessment/remediation of independent penetration testing results, as applicable
Required Education, Experience, and Skills
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field
- 15+ years of relevant IT/cybersecurity experience, providing technical and management leadership on major tasks or technology assignments (SME level)
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional (CCSP)
- Demonstrated expertise in integrating security into a DevSecOps SDLC, including CI/CD security gates and automated security testing
- Hands-on experience implementing Zero Trust Architecture and applying NIST SP 800-53 controls and the NIST Cybersecurity Framework
- Proven experience leading vulnerability assessments, penetration testing, and threat modeling for enterprise applications
- Experience supporting the ATO lifecycle and managing POA&Ms, security artifacts, and evidence collection
- U.S. Citizenship required
Preferred Skills and Experience
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Experience generating Software Bill of Materials (SBOMs) and implementing software supply-chain security controls
- Familiarity with SIEM deployment, container/image hardening, and secure baseline configuration
- Experience in large-scale, multi-cloud federal environments and FedRAMP processes
- Strong analytical, problem-solving, written, and verbal communication skills, including the ability to brief senior Government stakeholders