Job Description
We are seeking skilled Security Engineers to support a civilian federal agency by engineering, implementing, and operating enterprise and cloud security controls. The role will leverage your skills in identity-centric security, Zero Trust Architecture, and public key–based authentication, while also supporting vulnerability management, patching, incident response, and federal compliance requirements.
Key Responsibilities:
· Implement and operate ICAM solutions, including identity lifecycle management, authentication, authorization, and access governance.
· Implement Zero Trust Architecture in alignment with NIST SP 800-207, emphasizing continuous verification, least privilege, and identity-based access.
· Deploy and support SASE / SSE capabilities, including ZTNA, Secure Web Gateway, CASB, and Firewall-as-a-Service.
· Support PIV smart card and certificate-based authentication across user, device, application, and cloud environments.
· Operate and maintain PKI and certificate management services, including certificate issuance, renewal, revocation, and automation.
· Engineer and secure cloud environments (AWS, Azure, or GCP), focusing on identity, networking, logging, and secure configurations.
· Perform vulnerability scanning, risk prioritization, and coordination of remediation activities.
· Support patch management efforts by validating system configurations and verifying remediation of security findings.
· Monitor security and identity events using SIEM and related tools; investigate and respond to security incidents.
· Participate in incident response activities, including alert triage, investigation, containment, eradication, and recovery.
· Develop and maintain incident response playbooks, runbooks, and post-incident documentation.
· Develop and maintain security engineering documentation, standards, and operational runbooks.
· Collaborate with IT, cloud, and application teams to integrate security controls into system designs and CI/CD pipelines.
· Provide compliance and audit support, including technical evidence for ATO, continuous monitoring, and remediation activities.
Required Skills
· Proven experience in identifying and remediating vulnerabilities in both Linux and Windows environments with a strong understanding of compliance requirements.
· Strong understanding of cloud security frameworks and best practices, including NIST, CIS, and ISO 27001.
· Proficiency in using security tools such as Nessus, ORCA, AWS Security Hub, Azure Security Center, Google Cloud Security Command Center, and other vulnerability scanning tools.
· Familiarity with Red Hat Satellite server, WSUS, IBM BigFix or other similar toolsets.
· Knowledge of scripting languages such as Python, Bash, PowerShell, and Ansible for automation of security remediation tasks.
· Excellent problem-solving skills and the ability to work under pressure in a fast-paced environment.
· Strong communication and interpersonal skills, with the ability to explain complex security issues to technical and non-technical stakeholders.
Desired Skills
· Experience with IAM / ICAM platforms, identity federation (SAML, OAuth 2.0, OpenID Connect), and privileged access management.
· Hands-on experience implementing Zero Trust and/or SASE/SSE solutions.
· Strong knowledge of PIV/CAC, MFA, and certificate-based authentication.
· Practical experience with PKI, X.509 certificates, CRLs/OCSP, TLS, and key management.
· Experience securing cloud environments and integrating identity-centric controls.
· Knowledge of vulnerability management and patch management processes and tools.
· Familiarity with NIST SP 800-53, 800-63, and 800-207, and FISMA requirements.
· Ability to automate security and certificate lifecycle tasks using scripting tools.
· Strong written and verbal communication skills.
· Desire to work in a SAFe environment to support efficient delivery.
Qualifications
Additional Requirements:
· Must be able to obtain public trust prior to starting work.
· Excellent interpersonal and communication skills, both written and verbal.
· Commitment to following stringent security protocols.
· Well-organized, with a high level of attention to detail and the ability to prioritize tasks.
Education
· Bachelor’s degree in Computer Science or Information Technology.
Additional Information
All your information will be kept confidential according to EEO guidelines.