What you'll do

• Design, implement, and maintain the organization’s security architecture in alignment with federal security standards (e.g., FISMA, NIST SP 800-53, 800-171) and contract requirements
• Lead security planning and risk assessments for government systems hosted in AWS
• Serve as the primary security point of contact for government programs, overseeing incident response, vulnerability management, and system hardening activities
• Develop and maintain security documentation required for system authorization, including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), and Continuous Monitoring strategies
• Support the Authority to Operate (ATO) process across multiple projects, working closely with compliance teams, federal partners, and internal stakeholders
• Architect, oversee and support implementation of security controls across AWS services (e.g., IAM, KMS, Security Hub, GuardDuty, CloudTrail, Config, WAF, etc.)
• Perform regular audits, security assessments, and continuous monitoring to ensure compliance with government standards and internal policies
• Collaborate with engineering teams to integrate security into SDLC/DevOps pipelines, using tools such as SonarQube, Snyk, Tenable, and Jenkins
• Lead incident response efforts for government systems, including containment, eradication, and recovery, while maintaining proper documentation and communication protocols
• Research and recommend emerging AWS security services and technologies to improve security posture and maintain compliance
• Mentor junior DevSecOps team members and foster a culture of security-first thinking across the organization
• Interface with federal agency stakeholders, auditors, and security assessors to represent the organization’s security practices and compliance efforts
• Participate in proposal development and pre-award planning by advising on security architecture and compliance strategies for new federal opportunities

Required skills

• Bachelor’s or Master’s degree in Computer Science, Information Security, Cybersecurity, or a related field
• 5+ years of experience in information security, with at least 2 years supporting federal government contracts and managing system compliance efforts
• Deep understanding of federal security frameworks, including FISMA, NIST 800-53, 800-171, and FedRAMP
• Hands-on experience managing security for AWS cloud environments, including services such as: IAM, KMS, CloudTrail, Security Hub, GuardDuty, Config, VPC, EC2, Lambda, S3, RDS, DynamoDB, WAF, Shield, Inspector, Secrets Manager
• Experience leading or supporting the ATO process, including documentation, control implementation, security testing, and coordination with third-party assessors or agency officials
• Proficiency in modern DevSecOps toolchains and methodologies (e.g., Terraform, Jenkins, GitHub, New Relic, SonarQube, Snyk, Tenable Nessus)
• Solid understanding of secure software development principles across languages and frameworks such as Java, Spring Boot, Python, Go, JavaScript/TypeScript, and Angular
• Demonstrated ability to communicate security concepts to technical and non-technical stakeholders
• Strong leadership, analytical, and problem-solving skills

Desired skills

• CISSP, CISM, or equivalent federal security certification (e.g., CAP, GSLC)

153000 - 171000 USD a year