Cyber Security Engineer, Senior

Location: Rockville, MD (Hybrid) (2 Days Onsite)

Position Title: Cyber Security Engineer, Senior

Clearance: Secret

Required: US Citizenship

Position Summary: The Cyber Security Engineer role provides hands-on cybersecurity engineering support for vulnerability assessment, risk management, compliance, and continuous authorization activities in accordance with DoD, Air Force, and federal security standards.

The Cyber Security Engineer works closely with DevSecOps engineers, system administrators, procurement staff, and Government stakeholders to integrate security controls throughout the software lifecycle, support Risk Management Framework (RMF) and Continuous Authority to Operate (C-ATO) processes, and maintain a strong, auditable security posture across cloud, containerized, and SaaS environments.

Key Responsibilities

Security Engineering & Vulnerability Management

• Conduct software security testing across COTS, FOSS, and custom-developed tools prior to onboarding and throughout sustainment within the Client's DevSecOps environment.
• Perform continuous vulnerability monitoring using Government-approved scanning tools, including scheduled and on-demand scans aligned with patch cycles and deployment events.
• Integrate automated security testing into CI/CD pipelines in coordination with DevSecOps engineers to enable early detection of vulnerabilities.
• Analyze scan results to identify, prioritize, and document vulnerabilities based on CVSS scoring, exploitability, system exposure, and mission impact.
• Track vulnerabilities through remediation, validation, and closure, ensuring findings are properly dispositioned and documented.
• Support patch validation and remediation activities, verifying that fixes do not introduce regressions or break security controls.
• Assess software dependencies and third-party components for known vulnerabilities and supply-chain risk.
• Validate secure configuration baselines following installations, upgrades, and patches.

Risk Management Framework and Authorization Support

• Support RMF activities a system categorization, control selection, control implementation, assessment, and continuous monitoring.
• Develop, update, and maintain security accreditation artifacts, including:
• System Security Plans (SSPs)
• Security Assessment Reports (SARs)
• Plans of Action & Milestones (POA&Ms)
• Map implemented technical and procedural controls to NIST control families and document inheritance where applicable.
• Provide cybersecurity input to support Continuous Authorization to Operate (C-ATO) processes for enterprise software tools.
• Support security assessments, audits, and reviews by Government cybersecurity organizations.
• Maintain RMF documentation in approved security documentation and collaboration systems.
• Ensure security artifacts remain current, consistent, and audit-ready throughout the contract lifecycle.

Compliance and Standards Alignment

• Apply and interpret cybersecurity requirements from:
• Support FedRAMP compliance activities for cloud-hosted and SaaS tools, including:
• Validate that integrated tools comply with DoD security, privacy, and data protection requirements prior to approval and deployment.
• Review software configurations to ensure alignment with approved security baselines and accreditation boundaries.
• Identify compliance gaps and recommend technical and procedural mitigations.
• Support ongoing continuous monitoring activities required under RMF and C-ATO models.

Security Reporting and Coordination

• Produce security posture reports summarizing vulnerability trends, open risks, remediation progress, and compliance status.
• Provide cybersecurity input to Software Toolchain Reports and Security Accreditation Reports required by the contract.
• Collaborate with Government cybersecurity, engineering, procurement, and program offices to:
• Communicate security risks
• Recommend mitigations
• Support risk acceptance decisions
• Provide cybersecurity expertise to support Software Purchase Approval Packages (A003) by assessing security posture of proposed tools.
• Participate in technical discussions related to tool onboarding, renewals, and lifecycle decisions.
• Support incident response coordination and root-cause analysis for security-related issues impacting toolchain operations.

Requirements

• 5–7+ years of experience in cybersecurity engineering, vulnerability assessment, and security compliance within DoD or federal environments.
• Bachelor's degree in Cybersecurity, Information Assurance (IA), Computer Science, or a related field, or equivalent professional experience.
• Demonstrated experience supporting RMF and system authorization activities for enterprise systems.
• Experience working within DevSecOps or CI/CD environments supporting cloud and containerized platforms.

Certifications

• One or more of the following (or equivalent):
• Security+
• CISSP
• RMF-related certification

Technical Skills

• Proficiency with vulnerability scanning tools (e.g., Nessus, Qualys, or equivalent).
• Experience using RMF tools and security documentation systems to develop SSPs, SARs, and POA&Ms.
• Working knowledge of cloud security controls, container security concepts, and software supply chain risk.
• Familiarity with Git-based collaboration tools (e.g., GitLab or equivalent) for tracking security artifacts and changes.

Compensation and Benefits

The projected compensation range for this position is $120,000 to $180,000 per year benchmarked in the Washington, D.C. metropolitan area. The salary range provided is a good faith estimate representative of all experience levels. Salary at LCG is determined by various factors, including but not limited to role, location, the combination of education/training, knowledge, skills, competencies, certifications, and work experience.

LCG offers a competitive, comprehensive benefits package which includes health insurance options (medical, dental, vision), life and disability insurance, retirement plan contributions, as well as paid leave, federal holidays, professional development, and lifestyle benefits.

Devoted to Fair and Inclusive Practices

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.

If you are interested in applying for employment with LCG and need special assistance or an accommodation to apply for a posted position, contact our Human Resources department by email at

Securing Your Data

Beware of fraudulent job offers using LCG's name. LCG will never request payment-related details or advancement of money during the application process. Legitimate communication will only come from or emails, not free commercial services like Gmail or WhatsApp. If you receive suspicious emails asking for payment or personal information, contact us immediately at

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.