SECURITY & RISK ENGINEER (SRE)
Zermount, Inc. · Washington, DC · 1 mo ago
Management$233k/yrFull-time
About the role
The System Risk Engineer (SRE) supports system risk analysis and ensures federal information systems comply with Information Assurance and cybersecurity standards. The role directly contributes to mission assurance by identifying, validating, and reducing cybersecurity risk.
Responsibilities
- Execute Security Assessments (SA), Risk Assessments (RA), and Ongoing Authorization (OA) activities by validating security controls in live environments, not solely through documentation review
- Conduct technical verification and validation of security controls across operating systems, applications, databases, cloud platforms, and network infrastructure
- Identify real-world security risks, including exploitable vulnerabilities, misconfigurations, weak trust boundaries, and control failures
- Perform continuous risk analysis using outputs from vulnerability scans, penetration testing, logging platforms, and configuration assessments
- Develop risk-based findings and POA&M matrices, prioritizing remediation based on exploitability, exposure, and mission impact
- Produce executive-quality artifacts (SARs, risk memos, ATO packages, executive briefings) with validated, evidence-backed findings
- Conduct impact analysis for Requests for Change (RFCs), identifying security implications of architectural, configuration, or system modifications
- Validate Zero Trust implementation and alignment across system architectures and capabilities
- Perform technical assessments of system architecture, data flows, and trust boundaries to identify control gaps
- Ensure all deliverables meet accuracy standards with zero rework required and are aligned to program and client expectations
- Provide weekly status reporting and briefings with clear articulation of risks, risk mitigation progress, and technical findings
Qualifications
- 7+ years of cybersecurity experience supporting U.S. Government systems
- 4+ years performing RMF, ISSO, Assessment, or GRC functions with direct technical validation responsibilities
- Demonstrated hands-on experience in at least two technical domains (cloud, network, systems, or databases)
- Proven ability to analyze system configurations, ATOs, and other supporting security documentation
- Proven ability to conduct technical assessments across multiple domains
Clearance Level
Minimum of active Secret Clearance and ability to obtain and maintain DHS suitability
Work Location
The position is primarily remote – Continental U.S only
Hours of Operation
8:00 am EST – 4:30 pm EST
Benefits
Not specified
Schedule
Not specified
Pay
$233,422 per year