Jobs · Information Technology · Virginia

Lead Security Engineer

Harmonia Holdings Group, LLC · McLean, VA · 5 days ago
Information Technology$126k/yrFull-time

Job Description

This position supports Revolutional's federal customer as part of an application transformation and modernization initiative. This program drives a large-scale transformation of systems into a data-centric, cloud-native ecosystem capable of supporting high-volume, near real-time data processing and advanced analytics. The work includes modernization of legacy applications, development of new cloud-native solutions, and implementation of DevSecOps and scaled Agile practices across the organization.

Project Description

The core challenge is orchestrating complex, multi-contractor delivery while transforming both technology and operating models without disrupting mission-critical operations.

Position Description

As a Lead Security Engineer at Revolutional, you will define and drive enterprise security engineering strategy and execution across a large-scale modernization program. You will integrate security into every layer of the environment, including applications, APIs, data platforms, cloud infrastructure, CI/CD pipelines, and operational processes. You will work across architecture, engineering, operations, and vendor teams to ensure security is proactive, automated, measurable, and aligned with federal compliance requirements.

Responsibilities

  • Provide technical leadership across enterprise security engineering efforts within a large-scale modernization program
  • Design and implement security controls across cloud, application, API, data, and infrastructure layers
  • Integrate security into DevSecOps pipelines using automated scanning, policy enforcement, CI/CD controls, and security governance practices
  • Support Authority to Operate (ATO) processes, POA&M management, continuous monitoring, audit support, and remediation tracking activities
  • Ensure compliance with federal security frameworks and standards including NIST 800-53, FedRAMP, FISMA, Zero Trust, MFA, secure SDLC, and federal ATO requirements
  • Secure system-of-systems (SoS) environments spanning multiple vendors, contractors, integrated platforms, and distributed architectures
  • Implement and govern IAM strategies including RBAC, ABAC, MFA, privileged access management, authentication, authorization, and Zero Trust principles
  • Design and support API and microservices security architectures, including secure API design, token-based authentication, and authorization frameworks
  • Conduct penetration testing, threat modeling, SAST/DAST scanning, vulnerability assessments, and end-to-end remediation coordination
  • Support supply chain security initiatives including Software Bill of Materials (SBOM), dependency risk analysis, and third-party software validation
  • Implement security controls supporting encryption, sensitive data protection, PTA/PIA requirements, privacy standards, and secure data handling practices
  • Support security operations activities including monitoring, alerting, incident response, root cause analysis, and operational troubleshooting
  • Design and maintain dashboards, KPIs, risk reporting, compliance metrics, and security posture reporting
  • Develop and maintain security documentation including architecture artifacts, playbooks, operational procedures, compliance documentation, and governance materials
  • Collaborate across architecture, engineering, operations, and vendor teams to align security requirements with modernization and delivery objectives
  • Mentor engineering and security teams on secure coding, secure architecture, operational security practices, and DevSecOps standards

Technical Environment

  • Cloud-native environments (AWS, Azure)
  • DevSecOps pipelines and CI/CD automation frameworks
  • SIEM, monitoring, alerting, and security analytics platforms
  • Container security, image scanning, and runtime protection tools
  • APIs, microservices, and distributed integration architectures
  • Infrastructure-as-Code and automation platforms
  • Security testing platforms (SAST, DAST, vulnerability management)
  • Identity and access management platforms and Zero Trust architectures
  • Enterprise data ecosystems supporting high-volume and near real-time processing
  • Agile and scaled Agile (SAFe) delivery environments
  • Delivery and collaboration tools (Git, Jira, Confluence, ServiceNow)

What You Bring (Requirements)

  • Baseline Requirements:
  • - U.S. Citizenship with the ability to obtain a Public Trust
  • - 15+ years of experience in cybersecurity, security engineering, or enterprise modernization initiatives
  • - Certified Information Systems Security Professional (CISSP) required
  • - Certified Cloud Security Professional (CCSP) required
  • - Proven experience securing large-scale, distributed cloud and enterprise environments
  • - Ability to obtain and maintain a Public Trust clearance
  • Technical Capabilities:
  • - Strong experience implementing security controls in cloud-native and hybrid environments
  • - Experience supporting ATO processes, POA&M management, continuous monitoring, and federal compliance programs
  • - Strong understanding of NIST 800-53, FedRAMP, FISMA, Zero Trust, MFA, secure SDLC, and federal cybersecurity frameworks
  • - Experience integrating security into DevSecOps pipelines including SAST, DAST, automated policy enforcement, and CI/CD security controls
  • - Experience securing APIs, microservices, distributed systems, and system-of-systems (SoS) environments
  • - Experience implementing IAM strategies including RBAC, ABAC, MFA, and privileged access controls
  • - Experience supporting supply chain security including SBOM and dependency risk management
  • - Experience with penetration testing, vulnerability management, remediation tracking, and threat modeling
  • - Experience implementing data security, encryption, privacy controls, and PTA/PIA processes
  • - Experience supporting security operations including monitoring, alerting, incident response, and root cause analysis
  • - Experience with SIEM, container security, image scanning, runtime protection, and cloud-native security platforms
  • - Experience developing dashboards, KPIs, risk reporting, and security governance reporting
  • - Experience maintaining security documentation, architecture artifacts, playbooks, and compliance records
  • Core Strengths:
  • - Strong ownership mindset with accountability for enterprise security outcomes
  • - Ability to influence security practices across engineering, architecture, and operational teams
  • - Strong decision-making capabilities balancing security, compliance, performance, and delivery objectives
  • - Effective communication across technical, operational, executive, and vendor stakeholders
  • - Ability to operate across complex, evolving, multi-contractor delivery environments
  • - Strong analytical and problem-solving skills with measurable impact on enterprise risk posture
  • Nice to Have (Differentiators):
  • - CISM, CISA, or other advanced cybersecurity certifications
  • - Experience supporting statistical and similarly large-scale federal modernization programs
  • - Experience implementing enterprise Zero Trust architectures
  • - Experience securing high-volume, real-time data processing platforms
  • - Experience supporting DevSecOps-enabled enterprise modernization programs
  • - Experience with large-scale cloud-native operational security environments

Company Culture

Here at Revolutional, we are pleased to have been repeatedly recognized for our outstanding work culture, the innovative work we do, and the employees on our team who make a difference each day. Some of these recognitions include:

  • Recognized as a Top 20 "Best Place to Work in Virginia"
  • Recipient of Department of Labor's HireVets Gold Medallion
  • Great Place to Work Certification for five years running
  • A Virginia Chamber of Commerce Fantastic 50 company
  • A Northern Virginia Technology Council Tech 100 company
  • Inc. 5000 list of fastest growing companies for eleven years
  • Twice SBA SBIR Tibbett's Award winner
  • Virginia Values Veterans (V3) Certification

Similar jobs

Lead Security Engineer

Dev Technology Group, Inc.Suitland, MD· Yesterday
Information Technology$120k–$190k/yrapply on devtechnologygroup.thejobnetwork.com

Lead Security Engineer

AssetMarkCharlotte, NC· 2 wk ago
Information Technology$115k–$135k/yrapply on assetmark.wd5.myworkdayjobs.com

Lead Security Engineer

Dev Technology Group, Inc.Suitland, MD· 2 wk ago
Information Technology$120k–$190k/yrapply on grnh.se

Lead Security Engineer

Bart & Associates, Inc.Suitland, MD· 5 days ago
Information Technologyapply on recruiting.paylocity.com

Lead Security Engineer

AssetMarkAtlanta, GA· 2 wk ago
Information Technology$115k–$135k/yrapply on assetmark.wd5.myworkdayjobs.com